Streamline your cloud experience and maximise your cloud investment with Microsoft Azure-aligned public cloud services.
Host all of your workloads in the most appropriate location while experiencing the simplicity of one cloud from Six Degrees.
Enhance your cyber security and safeguard your organisation with our cyber security strategy and advisory, consultancy, and managed services.
Connect your business through a comprehensive connectivity portfolio delivered via our owned and operated core Next Generation Network (NGN).
Access the smarter, faster technology needed to make the most of your hybrid working future.
Streamline your hosting with comprehensive colocation services delivered from three UK data centres.
Gain clarity and control of your 5G estate, ensuring ongoing cost efficiencies are managed on your behalf through our managed service.
Gain confidence in your cloud direction and achieve accelerated time to value through our assured and optimised cloud services.
Master today’s complex threat landscape and protect your business with our intelligence-led security services.
Videos and webinars are a great way to digest the latest technology insights.
Our eBooks and whitepapers provide in-depth insights from our experts.
Our thought leaders publish regular blogs on up-to-the-minute topics.
Learn all about the latest news from Six Degrees as we continue to evolve.
We host regular in-person and virtual events for our clients.
Learn how we enable our clients to achieve more; providing superior secure solutions, powered by our passionate people.
We are proud to partner with many of the world’s leading vendors, enabling you to leverage our continual investment in difference-making technology.
Learn how CNS at Six Degrees delivers intelligence-led security services that protect organisations in today’s hostile landscape.
We are committed to operating in an environmentally and socially conscious way. Learn more about our commitments as a business.
We are proud of our secure cloud credentials. Learn why we’re one of the most highly accredited providers in the UK.
We are a friendly and passionate bunch here. Whether you want to work with us or for us, we think you’ll enjoy the Six Degrees experience.
Home » Blogs » Supply Chain Security Made Simple: Top Tips to Shore Up Your Cyber Defences
Supply chain security shot onto everyone’s radar in December 2020 when news broke of a cyber-attack that utilised compromised SolarWinds software to target US federal agencies. And the attacks haven’t stopped – more recently, software provider Codecov suffered a supply chain attack that went undetected for over two months. For many organisations, it may feel like supply chain security is the final Rubicon they need to cross before either jumping head-first into shoring up their cyber defences or throwing in the towel completely.
The latter option is, from an emotional perspective at least, understandable – it’s hard enough to protect your own organisation in today’s hostile digital landscape without having to worry about other organisations in your supply chain posing risks to your operational integrity. This is especially true for law firms, who manage highly confidential information on a daily basis and for whom any reputational damage suffered as a result of a data breach could be terminal. At Six Degrees though we’re not fans of burying our heads in the sand, and we don’t think you should be either. Because even if you can never fully negate the supply chain security threats you face, there are steps you can take to minimise them.
In this blog we’ll explain what supply chain security is, and the steps you can take to shore up your cyber defences.
Your organisation has never been more reliant on supply chains to deliver products and services to your end users. Whether it’s legal technology, outsourcing functions like finance or marketing, or working with algorithm and data providers, your supply chain is critical to your law firm’s ability to remain operational and deliver high quality legal services.
Hackers know this, and will actively target organisations in your supply chain in order to disrupt your operations and gain a foothold into your environment. And even if they don’t target you through your supply chain, any disruptions to your suppliers resulting from a cyber-attack can cause significant collateral damage to you as a result.
You may well work with suppliers that integrate with and have access to you network. Pay special attention to these suppliers, as any compromises they suffer can project directly into your network and act as a launchpad for ransomware and business email compromise (BEC) attacks.
A BEC attack is, broadly speaking, a type of phishing email. What makes it so dangerous is its targeting and sophistication. BEC attacks are most commonly targeted at individuals responsible for handling money within organisations, and through carefully thought out methods their aim is to trick the individual into transferring money to an offshore bank account.
BEC attacks require diligence to address, as they often use sophisticated social engineering to convince victims to part with their money. Part of your supply chain considerations should include diligence around suppliers you make payments to, ensuring processes are in place to double- and triple-check that every payment made is legitimate.
The National Cyber Security Centre (NCSC) has proposed a series of 12 principles, designed to help you establish effective control and oversight of your supply chain. You can learn more about these principles by following the link above, but in summary the principles are:
By following these best practice principles, you will minimise the supply chain security risks you face. But what questions should you be asking to build an understanding of your organisation’s security posture, along with the security posture of your clients?
Whether you are assessing your organisation’s supply chain security, auditing the security of businesses in your supply chain, or you are being asked by a client about your own security posture, here are three key questions you should consider – and the context behind why.
If one of your key partners (supplier/customer) experienced a cyber-attack that impacted their ability to provide services to you, have you understood what impact that could have on your operations? This can cover services such as logistics or more ingrained services within your operations such as accounts payable/HR. Data services such as the latter will no doubt have considerations around PII and other data protected by GDPR, for example.
Ransomware has impacted organisations’ ability to operate. Defence in depth plays a big part in detecting and mitigating the impact of a successful attack. What layers of defence have your suppliers applied against this real threat?
Misconfigurations and multiple ingress/egress points are prime access points for hackers. Third party access points are often less secure, as they may not be tightly monitored for abuse. Have the principles of least privilege and other controls been implemented to ensure the highest levels of control against abuse?
In our new infographic we provide six more questions you should ask your suppliers to ensure you’ve protected your organisation and mitigated security risks in your supply chain.
Now is not the time to rest on your cyber security laurels – supply chain security should be taken seriously by all organisations if they are to minimise the risks they face. Supply chain security doesn’t need to be onerous to implement – by applying diligence and best practices, you can safeguard your operational integrity and build trust with the businesses that sit throughout your supply chain.
All organisations need to take proactive steps to address the financial, operational and reputational risks they face in today’s increasingly hostile digital landscape. Partnering with an experienced, credible cyber security provider will allow you to establish your organisation’s risk appetite and enhance your cyber security posture. Click here to arrange a call with one of our experts today.
As law firms return to a ‘new normal’…
Today’s workspace extends far beyond your firm’s headquarters.…
Protecting legally privileged information becomes more complex when…
More information on our Privacy and Cookies Policy can be found here: https://www.6dg.co.uk/privacy-cookies/. You can update how we contact you in the future by visiting our Communications Preference Centre here: https://www.6dg.co.uk/preference-centre/.
