Supply chains often comprise thousands of vendors, many of which might be vulnerable to cyber attacks....
Question:
Supply chains often comprise thousands of vendors, many of which might be vulnerable to cyber attacks. Hackers often target such vendors as a means of gaining access into a larger company - the so-called backdoor attack. Supply vendors are too often the entry point for malware, ransomware or denial of service attacks, which then work their way upstream or downstream to the larger organization itself. In the event that a supplier or third party is subject to a cyberattack that means they are unable to deliver key products or services, this can become a big problem very quickly and may impact business continuity.

Internally, the biggest cyber threats come from suppliers or other third parties who have access to an organisation's IT networks. Externally, the biggest threat is from third-party organisations who perform a critical business process or deliver a key product to the first party. Yet despite the high-tech world we live in, a deal of cybersecurity is not complicated; much of it is down to sound housekeeping and well-managed communications, both in-house and external.

James McDowell is MD of BlueVoyant UK, whose cloud-based cybersecurity platform, BlueVoyant Elements, detects and responds to cybersecurity incidents. But the stark truth is too many businesses have a supply chain security problem.

McDowell says that industry research suggests that on monitoring and mitigating cybersecurity risk in the supply chain "the needle has barely moved in the past three years". He says that with economic uncertainty "putting pressure on budgets and cybercriminal activity escalating" organisations "must urgently consider how they are going to address this". He adds: "Companies must urgently consider how they're going to address this issue because maintaining the status quo is simply not sufficient.
"It's a status quo whereby 97% of companies have experienced negative consequences due to a cybersecurity breach among the external vendors and suppliers that form their supply chain."

More concerning still, says McDowell, is that BlueVoyant research shows that even among organisations that take steps to mitigate third-party cybersecurity risk, more than one-third of them reassess that risk only every six months. "And just 3% of them are able to monitor risk daily or in real time," he says. "A lot can happen in a week to take a supplier from compliant to high-risk," McDowell points out. "So if you multiply that by the six months or more at which organisations are typically reassessing their vendors it is clear that the level of unmanaged risk is considerable."

BlueVoyant's research - conducted among 300 senior UK cybersecurity professionals - also found the average organisation had suffered more than four breaches in 2022 12 months, up from just over 3.5 breaches on average in 2021. "This points to a huge visibility problem," says McDowell. "The majority of cyber risk in the digital supply chain is going undetected for long periods. This allows potential attackers ample time to infiltrate systems, island hop from one to another and launch destructive attack campaigns with little risk of being discovered." He adds: "This means that most businesses are easy targets for attacks, and are exposed to the threat of operational disruption, financial losses and reputational damage during a time when economic uncertainties severely impact the chances of recovery."

McDowell says that, when it comes to supply chain cybersecurity, many organisations "are understandably stumped by the scale of the issue". He adds that today's vendor ecosystems are massive and complex, sometimes comprising thousands of suppliers with varying levels of access to a business's systems and infrastructure.
"Monitoring all these using conventional methods, such as surveys, generates a huge administrative burden and only provides limited assurance of a supplier's cyber security posture at a single point in time," he says. McDowell says that although this "ticks a compliance box it doesn't offer a picture of evolving risk that helps the business adapt strategically to the threat environment".

Typically, he says, businesses look more closely at top-tier suppliers, "which are mainly those with whom it has strategic relationships". "But they have less bandwidth to monitor the long tail of other suppliers," he adds. "Nevertheless, it only takes one of these lower-profile partners to become victim to an attack to set off a domino effect of network compromises." Resolving this, he says, requires "a step change" in how organisations gain visibility over third parties and that "deploying automation is the logical step to take".

McDowell reveals that BlueVoyant's research found that UK companies are less likely than those in other countries to use a vendor risk-management programme, with just 36% saying they have one in place, compared with 41% of respondents from elsewhere. He says this pattern might be linked to budgets. "UK organisations are less likely than those in other regions to be getting cybersecurity budget increases". But he warns that the "intensive threat landscape" should be enough to prompt businesses to reconsider budgets. "They need to consider whether the price is worth paying, to avoid the currently almost certain risk of suffering a breach via the supply chain."

McDowell says when it comes to managing alerts arising from vendor monitoring, companies "should look towards advanced AI-powered options" because "these can lift the burden of analysis and prioritization". He adds that "it's important there is the facility for human review of key decisions and processes".
"The investment needed to establish effective third-party cyber risk management is not as high as you might think," he says, adding that "implementing a robust solution delivers a host of strategic data that can be incorporated into corporate risk management and decision-making processes". He continues: "Businesses should look for solutions capable of scaling, to cover all suppliers. They should also aim for continuous monitoring so that attackers' window of opportunity is limited as far as possible, and risk is reduced accordingly." This, he says, allows businesses to proactively manage their supply chains and to deliver greater resilience at a time when it is badly needed. "And of course, compared to the cost of a breach, the investment is a price well worth paying," he stresses.

Assessment

1. When top-tier suppliers or third-party vendors are subject to cyber attacks, the organization is unable to deliver the quality and maintain the branding. Elaborate how this could become an issue and impact the business continuity performance in the supply chain department.
2. When too many businesses face a supply chain security problem, discuss how, under SCRM, to mitigate the cyber threats from the third-party suppliers to maintain a great supply chain reputation.
3. Discuss why the lower-profile supply partners become the victims of cyber security attacks, and how supply chain professionals can gain visibility over third-party risk and develop contingency strategic planning.
4. McDowell says, 'The majority of cyber risk in the digital supply chain is going undetected for long periods'. Discuss why.

END
30 Marks

ASSIGNMENT SUBMISSION POLICY:

1. Submission due on 17th April 2023.
2. Assignments which are late within 24 hours will receive 20% deduction.
3. Enclose all the relevant research materials, articles and news portal links at references page.
Expert Answer:
Answer rating: 100% (QA)
Assessment 1: Impact of Cyber Attacks on Business Continuity in Supply Chain

When top-tier suppliers or third-party vendors fall victim to cyber attacks it can disrupt the flow of products or services wi...
Related Book For
Principles Of Information Security
ISBN: 9780357506431
7th Edition
Authors: Michael E. Whitman, Herbert J. Mattord