UK NCSC releases new training packages to help businesses manage supply chain risks

Free training packages cover mapping supply chains and gaining confidence in supply chain cybersecurity.


The UK National Cyber Security Centre (NCSC) has released two new e-learning packages to help businesses manage security risks across their supply chains. The packages have been designed to accompany the NCSC’s existing guidance on mapping supply chains and gaining confidence in supply chain cybersecurity. The packages are free to use and are designed to provide supply chain security training that will benefit procurement specialists, risk owners, and cybersecurity professionals.

Supply chain risks pose persistent, diverse challenges for organisations across sectors, with cybercriminals increasingly adept at exploiting various elements of supply chain mechanics to carry out attacks. However, just over one in ten businesses review the risks posed by their immediate suppliers (13%), and the proportion for the wider supply chain is half that figure (7%), according to the DSIT 2023 Security Breaches Survey.

In March, reports surfaced of a digitally signed and trojanized version of the 3CX Voice Over Internet Protocol (VOIP) desktop client being used to target the company’s customers in a significant supply chain attack. Meanwhile, data from Juniper Research suggests that vulnerable software supply chains will cost the global economy $80.6 billion annually by 2026, up from $45.8 billion in 2023. The 76% growth highlights the growing risks from incomprehensive software supply chain security processes and their increasing complexity, the vendor said.

Training covers supply chain management, cybersecurity assessment

The first training package covers supply chain management, chiefly the process of recording, storing, and using information gathered from suppliers who are involved in a company’s supply chain, the NCSC wrote. The training explains:

  • What supply chain mapping is, why it’s important, and how it can benefit organisations
  • What information it will typically contain
  • The role of sub-contractors that suppliers may use
  • What this means when agreeing to contracts

The second training package covers gaining confidence in supply chains, including practical steps to help organisations assess cybersecurity. The training:

  • Describes typical supplier relationships and ways that organisations are exposed to vulnerabilities and cyberattacks via the supply chain
  • Defines expected outcomes and key steps to help businesses assess their supply chain’s approach to cybersecurity
  • Answers common questions organisations may encounter as they work through the training

Copyright © 2023 IDG Communications, Inc.
