National Cyber Security Centre emphasises importance of supply chain mapping
UK Government agency the National Cyber Security Centre has issued guidance aimed at medium to large organisations, encouraging them to consider supply chain mapping (SCM) as a way of understanding and managing cyber security risks.
It describes SCM as ‘the process of recording, storing and using information gathered from suppliers who are involved in a company’s supply chain’. The aim of this process is to gain an up-to-date understanding of a company’s network of suppliers, so that cyber risks can be managed more effectively and due diligence can be carried out.
Some typical information that it recommends collating includes a full inventory of suppliers and their subcontractors, the information flows between an organisation and a supplier, and proof of any certifications required.
Supply chains, especially large and complex ones, are particularly vulnerable to cyber attacks. Manufacturing, which plays a vital role in global supply chains, is the most targeted industry worldwide, according to the recently published IBM Security X-Force Threat Intelligence Index 2023. It overtook financial services as the most-attacked sector in 2021, and its share of attacks rose from 23.2% to 24.8% in 2022.
Meanwhile, retail and wholesale ranked fifth on this list, facing 8.7% of cyber attacks, and transportation ranked ninth with 3.9%. With this in mind, organisations involved in any part of the supply chain should take the threat of cyber attacks seriously.