The National Cyber Security Centre, a UK Government agency, has issued guidance aimed at medium to large organisations, encouraging them to consider supply chain mapping (SCM) as a way of understanding and managing cyber security risks.
It describes SCM as ‘the process of recording, storing and using information gathered from suppliers who are involved in a company’s supply chain’. The aim of this process is to gain an up-to-date understanding of a company’s network of suppliers, so that cyber risks can be managed more effectively and due diligence can be carried out.
Some typical information that it recommends collating includes a full inventory of suppliers and their subcontractors, the information flows between an organisation and a supplier, and proof of any certifications required.
Supply chains, especially large and complex ones, are particularly vulnerable to cyber attacks. Manufacturing, which plays a vital role in global supply chains, is the most targeted industry worldwide, according to the recently published IBM Security X-Force Threat Intelligence Index 2023. It overtook financial services as the most-attacked sector in 2021, and its share of attacks rose from 23.2% to 24.8% in 2022.
Meanwhile, retail and wholesale ranked fifth on this list, facing 8.7% of cyber attacks, and transportation ranked ninth with 3.9%. With this in mind, organisations involved in any part of the supply chain should take the threat of cyber attacks seriously.