Securing corporate supply chains should be the number one priority for CISOs over the next 12 months. This emerged from a briefing by the business body Resilience First, on how the internet has been the backbone of business response to the impact of the Covid19 pandemic.
Intel UK, Nominet, Cyber Rescue, and ISPA UK managers discussed issues facing the tech sector and concluded that, with internet capacity holding up well under demand, the biggest issue facing business is how to secure supply chains that are increasingly extended, and critical. Covid19 has raised serious questions about China’s actions and its role in digital supply chains, the webinar suggested.
Andrew Glover, Chair, Internet Services Providers’ Association (ISPA UK) said: “Early media stories that the internet would not cope proved wide of the mark. Traffic has been doubling year on year anyway. Daytime usage has surged but the overall traffic has not been outside of expectations and we still have plenty of capacity headroom. Networks are still below peak demand seen during large video game releases and remote working generally uses less data-heavy activities like email and video conferencing.”
“In terms of supply-chain resilience, you probably need more than one source of whatever is your most critical dependency. For many people that is internet access. 5G will provide more reliable and faster connectivity to enable us to do more exciting things. Excluding anyone from a supply chain is going to disrupt that supply chain.”
“More regulation is likely from government to ensure that companies are securing their own supply chains, but best practice rather than regulation is the answer.”
Cath Goulding, Chief Information Security Officer at the internet company and .uk registry Nominet UK said: “During this crisis we have seen an increase in phishing using Covid19 and related terms as triggers in emails. We have been working closely with law enforcement and have seen a 30 per cent increase in the suspension of domain names linked to such activity. We have also seen an increase in fraudulent regulated goods such as PPE being advertised over the web. MHRA have asked us to take down several domain names which are not in fact regulated by them.”
“Supply-chain security is the most important consideration for CISOs. A really good exercise for any business is to identify your critical suppliers, like power and telecoms and look at whether you are comfortable with the contractual controls in place. Even the US military are said to only be able to identify the top three of seven layers of their supply chain.”
Kevin Duffey, Managing Director, Cyber Rescue said: “There has been a wave of cyber-attacks during Covid19, against firms already stressed by lockdown. So, companies must verify that their suppliers are still maintaining essential cyber controls. Much of this verification can and must be automated, because hackers are so quick to target vulnerable suppliers and then exploit the data belonging to all of their customers.”
Adrian Criddle, General Manager and Vice President, Intel UK said: “When Covid19 came around and everyone started working from home we saw incredible demand for hardware like Christmas and Black Friday combined. The tech industry has come together collaboratively to find solutions to the problems we have faced to ensure communications are maintained.”
“The UK has already done a lot in terms of supply-chain resilience in preparation for Brexit. We have learnt during the pandemic that we need to look after our people, our customers and our communities and how we do that has changed during lockdown.”
Robert Hall, Executive Director at Resilience First, pictured, said: “Covid19 has raised a number of significant issues for the technology sector, of which supply chain security and resilience is one of the most important.”
“Serious questions have also arisen over the actions of China in the pandemic and this has generated implications for the role of Huawei in 5G. The potential is huge for 5G, but the security and political factors are currently pulling in different directions. The Huawei issue is big enough in itself but Covid19 has also raised wider questions.”
Visit https://www.resiliencefirst.org/.
