Cyber threats through the keyhole
Make no mistake, cyber warfare is ramping up, with cyber criminals looking for new opportunities and finding them. A key driver is how easy it is to attack the supply chain. If your business relies heavily on third-party suppliers, then you are particularly vulnerable.
Many businesses, particularly in the Engineering, Construction and Architecture industries, rely on a multitude of frequently changing contractors, sub-contractors and suppliers. This increases risk because it adds many points of vulnerability. If any part of your supply chain is compromised, there is a high chance you could be too. The supply chain is very often a blind spot: you can control your own security, but if your supply chain is attacked, the outcomes can be just as devastating for you as if your own network had been attacked.
Felix Group Holdings collaborated in an examination of supply chain risk in the construction industry. That risk has been exacerbated in recent years by Covid-related shortages and disruption, and also by increased international tensions.
The report found that only about half of those surveyed understood the gravity of data breaches and cyber attacks, and that most organisations were not aware of supply chain risks. This is particularly the case with IT-related supply chain risk.
The Felix report found:
- Most project sponsors do not understand the true cost of effectively managing third-party risk.
- Most participants were not confident that their organisation can identify all the parties in its extended supply chain.
- A cyber incident can cost millions; the reputation damage that follows a cyber incident can cost even more.
- Construction and Engineering managers must take action on cyber security risks not just within their own organisation but across their supply chain.
The Australian Government recognises the cyber threat to key Australian infrastructure and has passed the Security Legislation Amendment bill (SLACI), which amended the Critical Infrastructure Protection Act 2018. This mandates that companies across a wide range of sectors dealing with infrastructure assets must review and implement measures for cyber risk management and resilience.
This is important to understand: the threat from cyber attacks is growing, governments and governing bodies are recognising that threat, and they are increasingly mandating that business owners and operators take appropriate action. Note that it's on YOU to protect your business, your clients and your projects from attack.
So what should you do?
First: you can’t assume your IT is safe and secure. Most organisations I audit are NOT safe. Here are some questions every business owner or manager should be able to answer with YES:
- Do you require your suppliers to meet YOUR security standards and can you PROVE it?
- Have you implemented the Essential Eight?
- Do you regularly run a formal, independent audit of your IT systems – including your cloud systems such as Microsoft 365?
- Do you regularly TEST your Disaster Recovery Plan so you know if you can recover everything and how long it takes?
- Do you have a security policy and do all your staff know and understand it?
- Do you regularly run Cyber Awareness training for your staff?
If you answered NO or I DON’T KNOW to any of these questions, give me a call, we should talk about your security.
FooForce is a partner who can deliver security and all your other IT needs.