Back in September, I wrote a piece that questioned whether or not you trust your network. As an extension to that piece, this piece focuses on your cyber supply chain.
Let’s begin with this simple premise: you may never fully know who is a part of your cyber supply chain. Why do I say that? It is because it is exactly impossible for you to have a watchful eye on all parts of the supply chain. It would be a full time job for you. In my view, the only entity that could have full control of their cyber supply chain is a government (emphasis on could because even for a government full control of the cyber supply chain could be an incredibly difficult and expensive proposition).
If you accept that simple premise, then by extension, you will have no problem accepting this one as well: the probability of you being breached is greater than zero.
If you are with me so far, this is excellent. It means you have not bought a bag of magical beans from vendors or consultants who are already preaching to you that you are on the way to the cyber secure promised land. Continue reading “Controlling Your Cyber Supply Chain”