As companies and organizations evaluate their attack surface, they know to look at their own systems and infrastructure to defend against threats and manage vulnerabilities. However, what about their critical partners and the supply chain? With up to 80% of cyber-attacks now beginning in the supply chain, breaches at even the smallest vendors can have big consequences for enterprise level operations. The problem of supply chain cybersecurity has become so pressing that the United States Department of Defense is rolling out the Cybersecurity Maturity Model Certification (CMMC) as a means to help secure the defense industry. Prime contractors and subcontractors will have to achieve CMMC compliance to do business as part of a DoD contract. The Primes are also expected to take a greater responsibility to ensure that subcontractors are implementing the appropriate security practices and compliance with the DoD standard.
One problem in securing the supply chain is where the organizational responsibility lies. Many different departments of an enterprise work with the supply chain and other critical partners, but there’s no one person or team held accountable.
Corporate legal may…
