Nausicaa Delfas, Executive Director and Chief Operating Officer at the Financial Conduct Authority (UK), recently presented a speech at the Cyber Security Summit and Expo 2017 in London.
During her speech, Ms Delfas cited an issue that often comes up in her conversations with firms, business people or leaders: how to manage risk that ‘lies beneath the surface’.
It is fair to say that businesses often focus on assessing the cyber risks or threats to their own critical infrastructure, without considering the risks introduced by their supply chain and third party suppliers.
Ms Delfas pointed out that when a business engages a supplier or partner, it also adopts its risk profile. Ms Delfas recommended businesses ask two key questions:
- What assurances do we have that our suppliers and extended supply chains are secure, and can be trusted with our information?
- Are we consuming the services in a secure way?
A number of major companies have suffered a data breach due to a weak link in their supply chain. Our readers may recall that the US retailer Target suffered one of the largest data breaches in recent times, through a breach of the supplier that maintained its air conditioning systems.
Ms Delfas’ two questions are definitely worth taking on board and considering before engaging any third party supplier. On the flip side, if you are a supplier, start to expect your smart customers to come knocking and asking some pointed questions about your privacy and information security practices. We are already seeing some of our clients scrambling for help in responding to pointed questions they are receiving.