Supply Chain Digital Magazine December 2024 | Page 118

OPERATIONS
He also recommends ongoing monitoring for changes to cyber risk, contractual notification of cyber events and the timely offboarding of suppliers so that their credentials cannot continue to be used.
“Risk management must be proactive – not reactive,” insists Manu. “Annual or quarterly assessments are not sufficient. Ongoing monitoring and timely action is a must.”
Matt advocates a systematic approach to third-party risk assessment, beginning with an examination of third-party applications and how they are used.
Of course, some of these will be essential to specific teams, while others will be more important to the wider business.
Regardless of the application, Matt contends: “Where you provide access to third parties into your network, or where you bring third-party services into your applications, you should carry out a risk assessment. As part of this, you should complete risk questionnaires with your suppliers and ensure they have effective security policies in place for their staff.”
Regular review and verification of third-party security measures is also a key consideration.
“This exercise is something you should carry out annually, so you can demonstrate you’re tracking this with your partners or service providers,” Matt continues.

IoT and smart supply chain security

The proliferation of IoT devices and sensors in smart supply chains introduces additional layers of security considerations.

“FROM A RISK PERSPECTIVE, GOING THROUGH POTENTIAL CHALLENGES AND RISK OPPORTUNITIES WITH THE BOARD IS ESSENTIAL”

MATT MIDDLETON-LEAL, MANAGING DIRECTOR EMEA, QUALYS
These devices, often controlling critical systems, require careful monitoring and management to prevent breaches.
Emphasising the high stakes involved, Manu explains: “Often, IoT devices control not just information but also human life – think pacemakers, building heating.
“Organisations need to adopt a comprehensive programme comprising documented policies and procedures, assessment of compliance requirements, regular risk assessments and employee training.”
Physical security remains a crucial consideration when it comes to implementation of sensors or IoT devices.
Matt insists a series of key questions must be asked: “Are they hardened against attacks? Do they have open ports or access points that a determined attacker can get to? What would happen if someone really did want to take something apart?