Page 141 - Cyber Defense eMagazine September 2022
Businesses transact with, rely upon and share risk with suppliers every day. But how many leaders in
board rooms know what is really happening on the ground? A recent survey conducted by one of our
members, RSM UK, found that the share of business leaders reporting a successful cyber-attack on their
business rose from 20% in 2021 to 27% in 2022. Perhaps even more worryingly, a third of business leaders
admitted that their board does not understand the cyber landscape well enough.
Data managed or processed by a third party is subject to the same security requirements as information
which is directly held; a successful attack further down the supply chain would be a critical governance
issue for the client in just the same way as one that occurs closer to home – with the same financial and
reputational implications among the investors and clients who hold the company to account.
Any organisation with global offices, affiliates or partnerships must make itself acutely aware of supply
chain cyber risk. It should determine its level of exposure, identify the controls it can use for mitigation
and make sure these are embedded into supplier contracts. It should also investigate all aspects of its
suppliers' procedures and operations, from how they store and secure their data to how they train and
vet the employees who have access to it. Backups, encryption standards, audit trails, incident response
plans and business continuity contingencies are among the many factors that should be considered.
Regular reviews of each supplier, including a check for overdependency on a single supplier, are also
key; the depth of each review should be proportionate to the impact and criticality of the service that
supplier provides.
Building a universal security conscious culture
What all these examples have in common is the rapid change they are undergoing in terms of how
businesses use them to operate and work. Because of this, we have long understood the importance of
embedding these changes within our overall risk framework. As a growing global organisation, at RSM,
we consider cyber risk across our whole organisation and share best practice through working groups
and internal training events to ensure consistency in processes, systems and approach to security.
Those capabilities could be the technology we adopt, the ways in which our employees choose to work
or the integrity with which the suppliers who support our operations manage their own systems. They are
what an organisation needs in order to succeed, and they are also the areas where we should be looking
for risk so that we can safeguard against it with robust systems, training, policies and skills.
As a global organisation, RSM’s core objective is to bring our team of 51,000 professionals even closer
together and to support the provision of cross-border services to clients. While global policies and
procedures are fundamental to us working cohesively, true collaboration only comes when the collective
shares the same values and vision for the future, as well as best practice like robust cyber defence and
security protocols. This is a truly exciting part of my role as the Chief Information Security Officer for one
of the world’s largest networks of independent audit, tax and consulting firms.
Copyright © 2022, Cyber Defense Magazine. All rights reserved worldwide.