By Guy Golan, CEO at Performanta
No organisation is an island.
Last month’s attack on payroll software Zellis reminds us how the effects of one breach can very quickly cascade across the business network to third parties, resulting in a much larger number of victims. And it’s not just the business that suffers.
Promisingly, according to the Government’s latest breaches survey, the majority of large businesses (55%) are reviewing supply chain risks for the first time. However, this is still relatively uncommon across organisations overall.
Just over one in ten (13%) businesses say they review the risks posed by their immediate suppliers.
The industry needs to shift its mindset from one of security to one of safety. Assessments are carried out every day to determine whether an organization is deemed ‘secure’ by compliance and industry standards, but this doesn’t mean that all parties involved are safe.
We need a global data-driven strategy that prioritizes accuracy, transparency and context when it comes to cybersecurity across the entire supply chain, for the sake of each business and every single individual involved.
An agreement is a partnership
When part of a supply chain, businesses essentially sign up to an industry partnership, meaning you share the responsibility of digital security.
As a first step, organizations must recognize that cybersecurity is not just about compliance; it is about ensuring the safety and resilience of their operations. As the cyber industry continues to grow and adapt, the threats organisations face are becoming more sophisticated and pervasive, meaning that one breach in the supply chain could spell trouble for countless businesses.
The cyber industry is dynamic, with new technologies, applications, and threats emerging constantly. Acknowledging the evolving nature of cyber threats is vital to promoting safety across digital supply chains.
We are still in the early stages of the cyber evolution; there are areas of technology and new kinds of risk that the industry is yet to uncover. Only through recognising this and preparing for changes to come can true safety be achieved.
Businesses should aim to create a culture of safety that permeates all levels of the organization. This culture includes proactive risk assessment, continuous monitoring, and ongoing training and education for employees.
Instilling a mindset of safety across the supply chain
Defending against the unknown – which the industry has come to see as common practice – was long viewed as being impossible, but we can now take proactive measures within digital supply chains to enhance our preparedness.
Although the industry has yet to establish an official definition of what it means to be ‘safe’ in the cyber realm, assessments based on compliance standards alone do not guarantee safety for all involved parties. Nevertheless, the industry is already well-positioned to make this transition from security to safety.
Three core elements shape a comprehensive cyber safety strategy: accuracy, transparency, and context.
To effectively navigate the evolving risk landscape, digital supply chains must accurately identify potential risks, understand the impact of these threats, and develop appropriate solutions. This necessitates real-time, precise data and user-friendly methods for assessment and presentation that facilitate effective response from teams.
As data accuracy increases, transparency naturally follows. Transparent communication and shared insights are crucial for all stakeholders within a cyber safety strategy, both internal and external. Within a supply chain, transparency becomes paramount to align all parties and respond effectively to threats.
Furthermore, it is imperative to ensure that security insights are accessible to all areas of the digital supply chain, not just those with cybersecurity expertise. Translating data into understandable terms for stakeholders such as CEOs and CFOs fosters company-wide awareness of risks. This widespread understanding is essential for securing buy-in and implementing a comprehensive safety strategy.
As our lives and identities become increasingly intertwined with the digital realm, feeling safe is fundamental. Merely achieving compliance is no longer sufficient for businesses. Even organisations that claim to be shielded by robust security defenses have faced vulnerabilities time and again.
The connections within supply chains can very easily turn from being a business advantage to a catastrophic vulnerability. After all, the Zellis breach resulted in stolen customer data from large organisations like the BBC, Boots and British Airways.
Clearly, the traditional security approach has reached its limits. The industry must seize this opportune moment to unite under the banner of safety, prioritizing the holistic wellbeing of digital supply chains.
About the Author
Guy Golan is a Cybersecurity Expert with over 20 years of experience in the industry. He started his career in the Intelligence Brigade for the Israeli Defence Force before leading several large organisations as CISO. He’s now the CEO and Founder of global cybersecurity firm Performanta, with over 150 security professionals spanning three continents.