As a large organization, working with suppliers of different sizes can pose several challenges. In this video, learn why large organisations often want to standardise the quality of cybersecurity their suppliers implement, and why this may not be practical.
- [Instructor] To be able to properly understand … the supply chain cybersecurity problem, … it's useful to see examples of businesses … that look like your own and others, … and to see what problems they share … and what differences there are. … With large organizations, the aim is usually … to make sure that their suppliers … and customers don't give hackers a way … to breach the business. … Cybersecurity experts often talk about these ways … into the business as attack vectors. … So, very large organizations will share … some characteristics. … They typically have thousands of suppliers. … Many of those suppliers will have different contracts, … and so different relationships. … In some sectors, the business might not have much choice … of an alternative supplier. … The suppliers will have different sized businesses, … from tens of thousands to a handful of employees. … The supplier might not see themselves … as having any responsibility for cybersecurity, … especially if they're providing goods, …
- Recognize how business and technology together create a supply chain cybersecurity problem.
- Identify how cybersecurity defines and maintains boundaries.
- Analyze how common cybersecurity practices compare to supply chain security issues.
- Give examples of how cybersecurity is implemented throughout an organization.
- Differentiate between prescriptive-based requirements and goal-based cybersecurity, with an identified supply chain risk.
- Provide evidence for why communicating about cybersecurity between businesses can be daunting.