The UK National Cyber Security Centre (NCSC) has released a 29-page guidance meant to help medium and large organizations to asses defences and resilience in their supply chains.
The move comes as a response to a significant increase of cyberattacks targeting supply chains in recent years. The new guidance urges organizations to work with their suppliers to identify weaknesses and boost resilience.
It also describes ways that organizations are exposed to vulnerabilities and cyberattacks via the supply chain, defines expected outcomes and offers key steps to help organizations assess their supply chain’s approach to cybersecurity.
These include understanding why supply chain security matters; developing an approach to assess supply chain security, prioritising critical assets, and create key components for this approach; ensuring that the team who will be involved in assessing suppliers are trained in cybersecurity; integrating the approach into existing supplier contacts; evaluating the approach and its components regularly.