Menu
GCSB posts advice on ICT supply chain risks

GCSB posts advice on ICT supply chain risks

Advice comes in wake of high profile attacks on the Reserve Bank of NZ and the New Zealand Stock Exchange

Lisa Fong (National Cyber Security Centre)

Lisa Fong (National Cyber Security Centre)

Credit: Supplied

The Government Communications Security Bureau’s National Cyber Security Centre (NCSC) has released guidance to help executives and cyber security professionals manage ICT supply chain security risks.

NCSC director Lisa Fong said a recent spate of high-profile cyber security incidents reinforced the importance of managing cyber security across the supply chain.

“Supply chain vulnerabilities are amongst the most significant cyber threats facing organisations today," Fong said.

“Major incidents like last year’s global distributed denial of service (DDoS) campaign which significantly impacted a range of New Zealand organisations, and the compromise of file transfer software used by the Reserve Bank, reinforce the critical importance of supply chain cyber security,” she said.

The Reserve Bank of New Zealand lost confidential data as the result to a global attack on a legacy version of Accellion's file sharing software over the Christmas period. A KPMG report on the incident is expected imminently.

The NCSC’s new resource, "Supply Chain Cyber Security: In Safe Hands", is the third release in a guidance series based on analysis of 250 New Zealand organisations’ cyber security resilience. 

Previous releases focused on improving incident management and cyber security governance.

Fong said cyber security threats target organisations’ most vulnerable points.

“As organisations strengthen their own cyber security, their exposure to cyber threats in the supply chain increasingly becomes their weakest point.

“Digital interaction with supply chain elements can occur across many aspects of an organisation’s operation, not just the IT or procurement teams. 

"For example, a marketing department might use a third-party service to store a customer information database in the cloud."

The guidance outlines three phases in establishing an effective capability to manage supply chain cyber risk and improve organisational cyber resilience: identify, assess and manage.

The first, is to identify who critical suppliers are and understand which key assets and services are most vulnerable to threats in your supply chain.

Then assess vulnerabilities in the supply chain and allocate resources to increase the cyber security resilience of critical areas. 

Finally, manage supply chain risk through a programme of monitoring, cyber security performance assessment, and integration of supply chain risk into organisational risk management frameworks. 

The guidance, described as an introduction to the issue, is designed for both government and non-government organisations of varying sizes and capabilities. 

“We hope organisations will use this as a resource to support the conversation between practitioners and leaderships to better identify and manage supply chain cyber security risk,” Fong said.


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags AccellionGovernment Communications Security BureauNational Cyber Security CentregcsbReserve Bank of New ZealandNCSCRBNZsecuritycyber security

Events

Featured

Slideshows

Channel kicks 2021 into gear as After Hours returns to Auckland

Channel kicks 2021 into gear as After Hours returns to Auckland

After Hours made a welcome return to the channel social calendar with a bumper crowd of partners, distributors and vendors descending on The Pantry at Park Hyatt in Auckland to kick-start 2021.

Channel kicks 2021 into gear as After Hours returns to Auckland
The Kiwi channel gathers for the 2020 Reseller News Women in ICT Awards

The Kiwi channel gathers for the 2020 Reseller News Women in ICT Awards

Hundreds of leaders from the New Zealand IT industry gathered at the Hilton in Auckland on 17 November to celebrate the finest female talent in the Kiwi channel and recognise the winners of the Reseller News Women in ICT Awards (WIICTA) 2020.

The Kiwi channel gathers for the 2020 Reseller News Women in ICT Awards
Leading female front runners honoured at the 2020 Reseller News Women in ICT Awards

Leading female front runners honoured at the 2020 Reseller News Women in ICT Awards

The leading female front runners of the New Zealand ICT industry joined together for the annual Reseller News Women in ICT Awards event at the Hilton in Auckland, during which hundreds of guests celebrated 13 outstanding individuals who won awards, chosen from more than 50 finalists representing over 30 organisations.

Leading female front runners honoured at the 2020 Reseller News Women in ICT Awards
Show Comments