20 questions you should ask to ensure you’re doing enough on cyber-supply chain risk management

  • Written by FinTech Futures
  • 4th June 2015
Phil Huggins

Phil Huggins is vice president of security science at Stroz Friedberg, an investigations, intelligence and risk management company.

With reports suggesting hackers have siphoned off up to $1 billion from 100 banks across 30 countries as part of a targeted attack, there are heightened concerns over the cyber-threat facing the banking sector.

Supply chains are a potential weak link and banks have been stepping up their pressure on vendors and suppliers to do more to protect themselves from online intrusion. However, many are still not doing enough to combat such risks. There are 20 key questions banks should ask themselves when developing a strategy for cyber-supply chain risk management, writes Phil Huggins.

The recently published Allianz Risk Barometer identifies both supply chain and cyber-risk as top five business risks for 2015, and cyber-supply chain risk intersects both of these: suppliers can be disrupted as a result of a cyber-attack or be a vector in a direct attack. Supply chains are complex, layered, globally distributed, constantly changing and hyper-connected, and they are targeted by criminals using increasingly sophisticated tactics.

There is not a single solution or standard that effectively solves this problem. Instead there is a set of tools and approaches that work, depending on your risk appetite, your threat landscape, your budget and your own cyber-defence capabilities. You need a well-considered strategy for cyber-supply chain risk management, based on five key operating principles:

  • Risk-based prioritisation of suppliers with a focus on the sources of threat
  • Building and maintaining trusted relationships with suppliers
  • Commitment to providing clarity of requirement to suppliers
  • Pragmatic measurement of suppliers
  • Proactive, regular and open feedback to suppliers

Cyber-supply chain risk is not new and some institutions have long-running programs for third-party cyber-security assurance already in place. However, there are laggards, while the increase in sophistication and automation of cyber-attacks also throws doubt on the validity of many mature risk management programs. When developing a cyber-supply chain risk management strategy, it is therefore important to ask:

1. Are your critical business processes dependent on any particular participants?

2. Do your resilience plans make assumptions about the operational capabilities of other players in the market?

3. Do you place high levels of trust in the staff or IT of any particular participants?

4. Do any of the participants in your supply chain have a heightened threat profile?

5. Do your suppliers’ risk governance processes provide similar levels of assurance as your own?

6. Have your suppliers identified their key cyber-threats and do they have robust plans in place to manage them? What control definitions or standards do they use?

7. Do your suppliers have the key controls you believe will mitigate your risks? Are they designed appropriately and operated effectively?

8. Do you measure the external cyber-hygiene indicators of your key suppliers? Do you provide clear and actionable feedback on this to them on a regular basis?

9. Have you built trust relationships with key suppliers? Do you use regular forums and communications in a manner similar to your customer relationship management?

10. Do you share your threat assessments and your risk profile with your suppliers? Have you made it clear you expect them to digest it and provide similar content in return?

11. Do your contracts include your ‘red-line’ risks and controls that you expect to be closely managed?

12. Can you use your purchasing power and the size of your supply chain to obtain discounts from controls vendors on behalf of your supply chain? Can you drive or contribute to community CERTs for your supply chain?

13. Have you reviewed the available controls across your supply chain and considered if your own implementations are better and suitable for extending to your suppliers?

14. Have you considered combining capability sharing with a cyber-insurance policy you purchase on behalf of the supply chain, to provide an incentive for suppliers to take advantage of the offer?

15. Have you assessed your suppliers in context of your own challenges in staffing and sustaining security functions?

16. Have you encouraged your chief information security officer and the wider security team to establish consultative relationships with your suppliers?

17. Have you ensured that contractual sanctions exist as a fall-back for a failure in the relationship with suppliers?

18. Would your management enforce cyber-supply chain risk management contractual requirements?

19. Have you ensured executive management are briefed on the current state of supplier cyber-risks and on the potential requirement to enact sanctions or even terminate relationships?

20. Have you ‘war-gamed’ a major cyber-attack on or via your supply chain with your executive management team?

For an effective and appropriate cyber-supply chain risk management strategy you should be able to answer these questions positively – or have a plan for how these will be addressed.

Phil Huggins is vice president of security science at Stroz Friedberg, an investigations, intelligence and risk management company. He will be taking part in the Banking Technology Forum on 23 June. 
