Skip to 0 minutes and 8 seconds I think it’s important to recognise that data is what drives the economy right now. It’s really valuable to people, and as such, there are loads of different people that might attack your data. So there might be criminals looking for financial gain, the state-sponsored actors who attack systems, but there’s also the hacktivist-type person as well who might have some political motive for accessing your data. So anybody who wants to attack data or attack a system will look for the weakest point. OK. So if that system has got loads of end nodes, the so-called end nodes which are your business partners. If they’ve got some weaknesses, the attackers will certainly look for that first.
Skip to 0 minutes and 54 seconds So it’s the easiest route to get the data is what attackers will use. I think one of the things to think of is the easiest way is avoid all risk. That’s not going to be successful business if you just don’t bother sharing data. So what you need to do is make appropriate risk assessments. And then once you’ve made an assessment, implement a proper risk strategy. Either transfer some of that risk or mitigate some of the risk or get some contingency, for example. Businesses sometimes take scant review of their risk management policies.
Skip to 1 minute and 31 seconds I think what you’ll find is the more mature businesses - especially in their SME community where it’s difficult to give up that time to do risk management - the more mature businesses will endeavour to take some kind of risk management strategy.
Securing the supply chain
A supply chain is only as strong as its weakest link. Increasingly that weakness may not be a physical, but the point in the chain most vulnerable to a cyber-attack.
One of the great things about working at WMG is the breadth of our research. Cyber security is an increasingly hot topic, as in our increasingly data driven economy, crime moves from the realms of the physical to the virtual. As Professor Carsten Maple (Director Research, WMG Cyber Security Centre) explained in the video, we are vulnerable to different types of attack. From criminals for financial gain, ‘hacktivists’ for political motives, and state sponsored actors who wish to attack systems.
The golden rule for anyone looking to attack a system is to look for the weakest or most vulnerable point. In an increasingly networked world, and particularly in the domain of supply chains, this weakness could be hidden away within a supplier’s supplier, or a customer’s customer. The 2010 UK Security Breach Investigations Report, found that 18% of breaches occurred in the supply chain, a figure that the Information Security Forum reported had increased to 40%. I expect this number will only continue to increase as around 70% of all physical supply chain ‘glitches’ occur within the supply chain.
As Carsten discusses, fortunately many organisations have recognised that it is impossible and indeed foolhardy for business growth to try and avoid all risks. Gone are the days when USB ports are glued closed, and IT departments unilaterally say no. More mature businesses are now undertaking some form of risk management strategy to be able to identify and mitigate against the risk of cyber-attack.
If you are interested in hearing more from Carsten on securing the supply chain, please watch Carsten’s full presentation to the WMG Supply Chains in Practice event on YouTube: Securing the supply chain (14:17)
© University of Warwick