In light of the almost daily news of companies suffering security breaches, the need for assessing the risk profile of third- and fourth-party suppliers has never been more necessary than it is today. A company may have its own computing infrastructure secured, but the rest of its digital supply chain often remains overlooked.
The recent attacks reported by Bloomberg show an increasing severity and sophistication of global supply chain attacks, which in this case affected thirty companies including a major bank and government contractors. The attacks initiated by China demonstrate that the security of the technology supply chain was able to be compromised, even if consumers and most companies were completely unaware of it.
Third- and fourth-party vendors are an essential part of many supply chains, without them, many companies simply would not function. However, these ‘supplier’ relationships can run into the thousands for organisations, and how do you know if they are a risk to the business? In this age of data, not managing these potential threats properly could all too easily lead to the loss of important customer data and trade secrets being compromised.
Therefore,…
