How Australia and New Zealand CISOs can get ahead of supply chain attacks

With threats on the rise, Australia and New Zealand CISOs are facing the challenge that an attack on one organisation can become a common vulnerability.

supply chain management logistics - ERP - Enterprise Resource Planning
Thinkstock

More than a third of Australia and New Zealand (A/NZ) organisations have suffered a supply chain attack in the last 12 months according to a recent study, and CISOs have one more item on their list to focus: the changing dynamics of such attacks.

A supply chain attack happens when an unauthorised individual infiltrates an organisation’s system via a third-party partner or provider.

“Organisations have had to start thinking about supply chains differently to what they ever have before,” says Michelle Price, partner cybersecurity consulting at EY, on the impact of the pandemic and the changing dynamics of supply chains.

Although some supply chains are no longer available within the digital space, accessing alternatives may be seamless because there’s more choice, notes Price. “But we're forgetting the security implications as we make those decisions, which opens up a whole range of vulnerabilities and risks that we haven't contended with before,” she tells CSO Australia.

Even with existing supply chains that remain dormant, they’re still collecting cyber risks, and it’s a problem across the virtual and physical worlds creating new systemic types of risks. “That collision of the two, and they now are really interdependent, means we're seeing a new class of risks emerge, and that’s incredibly challenging for businesses and organisations more broadly to wrap their heads around,” says Price.

To continue reading this article register now

7 hot cybersecurity trends (and 2 going cold)