Security professionals recognise that the weakest link is the one most likely to be compromised by a hacker. But an organisation’s security model should not fall apart just because a part of the business, or a business partner, has weak security.
Tim Holman, CEO at 2-sec, says the term “secure as the weakest link” implies that all parts of the business and everything that links each part together are on an equal footing and trust level to everything else. But this idea of securing the weakest link is not working.
A survey conducted by the UK government recently reported that a lack of visibility in supply chains is one of the biggest barriers to effective supplier cyber risk management.
Meanwhile, a study from ISACA found that many cyber security professionals are concerned about the security of their organisation’s supply chain. Two-thirds (66%) of respondents are worried about poor information security practices by suppliers.
While business drives greater levels of technical development, security can sometimes be an afterthought, warns Mike Gillespie, vice-president of the C3i Centre for Strategic Cyberspace and Security Science (CSCSS).
“Experience has…
