Ed Savage, PA cyber security expert, is quoted in an article on cyber crime in supply chains as they are seen as the ‘weakest link’.
Ed comments on the opportunity that cyber criminals are seeing with supply chains: “It’s much easier to target companies that are less well protected. For people targeting a company such as a major bank, there’s been a real move to target the bank’s advisors or major suppliers who may be less well protected, but may still have access to the same information.”
Ed goes on to explain that some cyber attacks may also be used to steal information on tenders from a rival bidder: “In some countries they believe it to be part of normal business and therefore they will activate any means possible to find out about any companies they are competing against.”
Ed goes on to explain what can be done to protect against a cyber attack. He believes that one major problem in procurement is that people do not always understand the risks they are trying to protect against.
“I find a lot of buyers are spending big money on technical products without having really looked at the assets they’re trying to protect and what their priorities are, so they end up wasting quite large amounts of money,” he says.
The articles goes on to explain that Ed has developed a new cyber-security British Standard, PAS 555 - a set of 30 clauses that can be dropped into a contract to cover cyber security issues. Ed explains: “The great thing about it is that it specifies the outcomes of good security rather than specifying lots of detailed inputs. If you are going to procure services, you want to specify outcomes because it then allows the knowledgeable supplier to determine the best way of doing the how.”