Supply chains 'weakest point' in cyber security

30 April 2021

New Zealand’s National Cyber Security Centre (NCSC) has released a guide to help businesses understand cyber security risks in their supply chains following several hacking incidents.

NCSC director Lisa Fong said last year’s spate of high-profile cyber security incidents reinforced the importance of managing the issue across the supply chain.

The guide, Supply Chain Cyber Security: In Safe Hands, helps businesses identify, assess and manage risks.

The New Zealand Stock Exchange and the country’s meteorological service were among organisations attacked last year as part of a distributed denial of service campaign which targeted more than 100 companies and organisations around the world.

The stock exchange was so badly affected by the attack – which consisted of bombarding the target with traffic to overwhelm it – that it was forced to close early.

At the time NZ IT security experts warned cyber security defences in the country lagged around 10 years behind those of comparable organisations in the US or UK, making it a soft touch for hackers.

In January the Reserve Bank of New Zealand said it was investigating an illegal breach of a third-party file sharing service where it stored sensitive information. It was forced to take its system offline temporarily.

“Supply chain vulnerabilities are amongst the most significant cyber threats facing organisations today,” said Fong.

“As organisations strengthen their own cyber security, their exposure to cyber threats in their supply chain increasingly becomes their weakest point.”

She said digital interaction with the supply chain can occur across many aspects of an organisation’s operation, not just IT or procurement teams.

“For example, a marketing department might use a third-party service to store customer information in a database in the cloud,” she said.

The NCSC advised businesses to identify their critical suppliers and understand key vulnerabilities.

“Major incidents like last year’s global distributed denial of service campaign, which significantly impacted a range of New Zealand organisations, and the compromise of file transfer software used by the Reserve Bank, reinforce the critical importance of supply chain cyber security,” she said.

The NCSC has already released two other cyber security guides focused on improving incident management and cyber security governance.
