Too often data breaches trace back to compromised vendor credentials to access the retailer's internal networks and supply chain. Mapping the flow of information and keeping an eye on key access points will unquestionably remain crucial to building a more resilient information.
Take a moment and think about this: Do you know if your suppliers are protecting your company's sensitive data as diligently as you would protect it yourself? This is one obligation you can't outsource because, in the end, it's your liability. By looking at the structure of your supply chains, determining what information is shared and accessing the probability and impact of potential breaches, you can balance information risk management efforts across your enterprise.
Organizations need to think about the consequences of a supplier providing accidental, but harmful, access to their corporate data. Information shared in the supply chain can include intellectual property, customer-to-employee data, commercial plans or negotiations and logistics. Caution should not be confined to manufacturing or distribution partners. It should also embrace professional services suppliers, all of whom share access, often to your most valuable assets.
To address information risk in the supply chain, organizations should adopt strong, scalable and repeatable processes - obtaining assurance proportionate to the risk faced. Supply chain information risk management should be embedded within existing procurement and vendor management processes.
