Cyber-attacks resulting from vulnerabilities within the supply chain can result in devastating, expensive and long-term ramifications for affected organisations, their supply chains and their customers.
But despite these risks, many companies lose sight of their supply chains. In fact, according to the DSIT 2023 Security Breaches Survey, just over one in ten businesses review the risks posed by their immediate suppliers (13%), and the proportion for the wider supply chain is half that figure (7%).
As a result the NCSC have launched two new e-learning packages that will help procurement specialists, risk owners and cyber security professionals to effectively manage risks across their supply chains.
The packages have been designed to accompany the NCSC’s existing guidance on Mapping your supply chain and Gaining confidence in your supply chain cyber security.
To use the training, simply visit the Supply Chain Mapping e-learning section, which is hosted on the NCSC website. The package is free to use, and includes knowledge checks. No login is required - just click on the link and start learning.
Mapping your supply chain is the process of recording, storing and using information gathered from suppliers who are involved in a company’s supply chain. The training explains:
what supply chain mapping is, why it’s important and how it can benefit your organisation
what information it will typically contain
the role of sub-contractors that your suppliers may use
what this means when agreeing contracts
Gaining confidence in your supply chain describes practical steps to help organisations assess cyber security in their supply chains. The training:
describes typical supplier relationships, and ways that organisations are exposed to vulnerabilities and cyber attacks via thesupply chain
defines expected outcomes and key steps to help you assess your supply chain’s approach to cyber security
answers common questions you may encounter as you work through the training