In addition to the cyber risks known by all companies, there are also those related to the supply chain, or third-party risk
The more extensive the supply chain, the more the risk surface increases. Coupled with the extension of telecommuting and the multiplication of connections, the task of the CISO becomes arduous. There are many answers, but in the face of complexity, it is critical to apply basic security measures.
Fifteen years ago, it was “simple” for a CISO or CIO to detect an anomaly on his or her network, and also quite simple to protect against attacks. Most of these attacks were carried out by humans and not by computer networks via entry points from various hardware and software. Another major change is the supply chain. Where a small or medium-sized company used to use only a few components to make its product, today the components come from several hundred companies around the world. The example of the cell phone alone speaks for itself: the components and assembly are still made abroad. This implies that a company must trust by default those who manufacture and assemble these components. This can be a risky bet.
In fact, attackers know…
