Supply chains are often large and complex, and effectively securing the supply chain can be hard because vulnerabilities can be inherent, introduced or exploited at any point within it. The first step is to understand your supply chain, including commodity suppliers such as cloud service providers and those suppliers you hold a bespoke contract with.
Exercising influence where you can, and encouraging continuous improvement, will help improve security across your supply chain.
Requiring your suppliers to meet the requirements of the Cyber Essentials scheme, for example, is a great first step in ensuring they adopt basic best practices in cyber security, which in turn reduces the risk to your organisation.
Solutions that can Help your Business with Supply Chain Security
A Vulnerability Assessment is an automated activity that actively scans for possible security vulnerabilities within an internal or external infrastructure (including all systems, network devices and communication equipment connected to that network) that cybercriminals could exploit.
It is conducted against infrastructure IP addresses and produces a report to identify any issues found and allow you to resolve them.
Cyber Essentials is a UK government-backed scheme owned and run by GCHQ. The aim of the scheme is to provide a simple framework for UK businesses to follow to achieve a basic standard of cyber security.
It has two levels of certification: Standard, which is an online self-assessment, and Plus, which is an on-site audit of the responses provided by your organisation in the Standard version of the assessment.
A pen test goes further and deeper. An expert pen tester (sometimes known as an ethical or white-hat hacker) will run the tests. The pen test will include a vulnerability assessment for an initial sweep of the infrastructure, but the key here is that the pen tester will use the output of the Vulnerability Assessment and combine it with their experience and skillset to penetrate further into your network.
They will perform research and reconnaissance, threat analysis and exploitation of the vulnerabilities identified to reveal the full extent of your information security and its weaknesses.
The report from a pen test will provide a detailed list of any threats or vulnerabilities found and the recommended remedial actions. Threats and vulnerabilities are ranked in order of criticality. The report will also contain an executive summary and an attack narrative which will explain the risks in business terms.
Need advice, support or more information?
At Chess, we have a dedicated team of Cyber Security specialists and are backed by our award-winning vendors with decades of experience in most deployment scenarios. If you would like to discuss your cyber security needs, please book your free consultation.