
What keeps a CISO awake? An uncomfortable bed … and my third party supply chain

I’m often asked by my fellow colleagues, 'what keeps me up at night?', to which I currently reply, 'an uncomfortable bed'. For those of you who have ever had significant home renovation, I know you will sympathise. Sleeping on the sofa gets old fast – I should be back in my own bed by Christmas!

Apart from the uncomfortable bed, understanding and managing third party supply chain risk keeps me from my forty winks. Questions start running through my head as I try to count sheep – what more can I do to tackle security risk and shore up my supply chain? And are my third parties doing the same? I start jotting down notes and then think, this goes beyond security risk. What about auditing, compliance and just managing the workload and complexity of the whole process consistently?

As my fellow security professionals will attest, complexity is one of the biggest barriers to good security. There’s a web of point solutions which have been added to existing infrastructures, not to mention the multiple ways to produce reports for different business stakeholders. Apply these things to your extended network of third and fourth parties and the problem becomes even more acute.

A recent report from ClubCISO reveals that there are far too many organisations relying on ad hoc processes for enforcing security and inconsistent auditing of third parties. So what’s the solution and how can we all get some sleep? Let’s combine our efforts and information across institutions and third parties. By leveraging a common shared platform, we can all benefit from managing third, fourth or even fifth party risk. After all, the exchange of information is priceless even though security vigilance means sleeping with one eye open.


Darren is an accomplished executive with close to 20 years international cyber risk and security experience and broad expertise in providing hands-on leadership, strategic C-level/board direction and programme execution. He was named in the top 100 Chief Information Security Officers globally in 2022 and the top 100 Global IT Security Influencers in 2018.
