The eight weaknesses that leave your supply chain vulnerable to cyber attack

posted by Len Simmons
10 December 2014

Len Simmons is technical director at Altius Vendor Assessment

Serious breaches of data regularly make news headlines, but it is not only celebrities under threat.

All companies must now take steps to protect themselves online and ensure their supply chain doesn't expose them to cyber-criminals.

A recent PwC report found that 81 per cent of large organisations and 60 per cent of small businesses had been the victim of a security breach in the past year. Another troubling finding was that the overall cost of a data breach had increased dramatically since 2013. Security breaches can have an adverse effect on cash flow, profitability and reputation. Not to mention the steep financial penalties which regulators hand out for negligence.

The dynamic nature of the cyber-threat means businesses seem constantly to be scrambling to keep up. To be effective, an information protection strategy must protect both externally and internally and must ensure there are no weak links in the supply chain.

Firewalls and other ruled ‘perimeters’ provide security against outside intruders, but these measures alone are insufficient. It is estimated that 80 per cent of data breaches occur because of human error. One employee can unintentionally compromise an elaborate protection network through something as seemingly minor as failing to change a default password.

The Information Commissioner’s Office, the data regulator, has released a report detailing the most common weaknesses which compromise systems. These eight areas are:

• A failure to keep software security up to date

• A lack of protection from SQL injection

• The use of unnecessary services

• Poor decommissioning of old software and services

• The insecure storage of passwords

• A failure to encrypt online communications

• Poorly designed networks processing data in inappropriate areas; and

• The continued use of default credentials, including passwords.

It is perhaps surprising how basic some of the weaknesses are and how easy it would be to provide adequate protection. Through effective staff training, many of these weaknesses could be averted.

It is essential businesses check IT security compliance among their suppliers, ensuring these organisations have robust policies and measures in place to prevent common security failures.
