Kicking against the general trend of economic malaise, some hero companies have enjoyed spectacular growth over the last couple of years. There have been success stories in many sectors from fintech to veterinary health, haulage to green energy.
But fast growth brings its own headaches when it comes to third-party risk management. Rapidly expanding businesses often share three characteristics that magnify the risks their vendors pose – risks that can even be existential. These are:
- A tendency to outsource their non-core solutions.
- Exposed technology, because they are using the latest software apps and free, easy collaborative platforms rather than traditional interfaces such as Microsoft.
- Cyber security debt.
What is cyber security debt?
It's what happens when turbo-charged start-ups or established corporates find they have run before they can walk with regard to cyber security. Their business has rocketed ahead before their tech resilience is robust enough to cope. In effect, they are now running a cyber security overdraft and need to consider repaying the debt. Sooner rather than later.
Making cyber security a priority is about both risk mitigation and opportunity.
The approach we recommend is defence in depth.
Fast-growth businesses find themselves with a complex, multi-layered supply chain and, consequently, potential risk everywhere they turn. Seven out of ten cyberattacks involve a third-party supplier. It takes only one rogue email breaching the inadequate security at one of your suppliers to open your entire business up to ransomware hackers, and even threaten its very existence.
The “Swiss cheese” model
Defence in depth is also known as the “Swiss cheese” model, and virologists say it is the foundation of a successful long-term defence against COVID-19.
The basis of this approach is that vaccines alone will not stop coronavirus spreading. Rather, because no single measure is 100% effective, a combination is needed: jabs, testing and tracing, quarantine, face masks, social distancing, being outdoors... None of them reduces the risk to zero, but pile them up one on top of the other and you can drastically diminish the chances of the virus getting through.
This analogy works with cyber viruses, too. When you have so many suppliers (and so many holes), a one-size-fits-all solution will never be enough. Instead, you need to build up layers of protection, just like that Swiss cheese.
Matching effort and cost to degree of risk of cyber attack
Crucially, you need to match effort and cost to degree of risk, focusing your limited resources on the suppliers that present the most danger to your business. With C2 Cyber’s proprietary COBRA platform, our clients can identify the supply chain risks that pose the greatest threat.
As well as mitigating risk, working with C2 Cyber offers fast-growth companies in any sector the opportunity to forge cyber-safe relationships with their key suppliers, improve collaboration and grow stronger together.
C2 Cyber are experts in cyber security and vendor risk management. To secure your supply chain, call us today on +44 (0) 20 7965 7597.