Security Magazine

How secure is your digital supply chain?

By Jonathan Dambrot

Image by tawatchai07 via Freepik

June 24, 2022

Cyber risk is on the rise, fueled by an ever-growing volume of sensitive data moving across interconnected and integrated networks. Nearly every organization is operationally dependent on a robust supply chain and a myriad of traditional and non-traditional partners — including suppliers, vendors and customers — that often have direct access to business systems and data.


With tens of millions of employees working from home and billions of consumers purchasing goods on their phones from anywhere, protecting mission-critical and other sensitive data within a complex ecosystem of partners has never been more essential. Enacting risk management frameworks that look both inward and outward to monitor and secure relationships with third parties is now a strategic business imperative for chief information security officers (CISOs), chief information officers (CIOs) and other information security leaders. Failing to establish adequate controls to protect partners’ data, as well as their own, leaves companies’ entire networks vulnerable to cyberattacks.


Fortunately, C-suite leaders recognize both the challenge and importance of securing digital supply chains. A sizeable majority (79%) of chief executive officers (CEOs) say protecting their partner ecosystem is just as important as building their own organization’s cyber defenses.


Here are five ways cybersecurity leaders can secure the digital supply chains in which they operate:


1. Align security requirements throughout the process

Whether it is for a supplier, vendor or customer, properly vetting potential partners’ organizational security policies, as well as the security built into their products and services, must be baked into an organization’s contract negotiation process. 


Although such vetting provides valuable risk visibility, it is too time-consuming and costly for most organizations to repeat often, particularly as the complexity of the partner ecosystem increases. As a result, IT leaders are moving away from a purely compliance-based strategy toward a more proactive approach that puts continuous monitoring, threat intelligence and strict identity verification (zero trust) at the heart of their ecosystem security model.


To alleviate the burden of the process, some organizations, particularly in regulated industries, are turning instead to security ratings companies. These services supplement point-in-time assessments by providing security risk scores against a set of pre-defined parameters and offering detailed qualitative and quantitative analysis of partner and ecosystem risk. Be aware, however, that they may not satisfy every requirement.


2. Consider continuous controls monitoring to shift from focusing narrowly on compliance to adopting a more operationally based view of security

A strong risk management framework that looks both inward and outward is key, especially for high-risk industries such as financial services, energy and healthcare. Continuous assessment and monitoring (CAM) takes this a step further, moving security assessments away from point-in-time activities whose results quickly become obsolete. Leveraging new standards for machine-readable assessments, CAM aims to provide visibility into operational security challenges without increasing cost or risk.


CAM can expedite vendor cycles through the use of machine-readable assessments, which ultimately enhance risk and control oversight. However, in order to work effectively, CAM requires vendor participation across an organization’s security ecosystem. This model can inspire ecosystem partners to move from a compliance-based approach to a more operational focus that allows for corrective measures in real-time, with or without human intervention.
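The two ideas above, scoring a partner against a set of pre-defined parameters (section 1) and treating evidence as perishable so that a point-in-time result expires rather than lingering (section 2), can be made concrete in a few dozen lines. The following is an added example, not code from the author or from KPMG, and it does not follow any named assessment standard: the control names, weights, freshness windows, the JSON attestation shape and the two vendors are all constructed for illustration. It scores each vendor on the weighted share of controls that are both passing and fresh, and emits a corrective action for every failed, stale or missing control so the loop can run on a schedule without a human in it, escalating only vendors that drop below a threshold.

```python
"""Continuous controls monitoring over machine-readable vendor attestations (illustrative)."""
from __future__ import annotations

import json
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Pre-defined parameters (assumed for this example, not from any real standard):
# each control carries a scoring weight and a maximum evidence age before it is stale.
CONTROL_PARAMETERS = {
    "mfa_enforced":        {"weight": 3, "max_age_days": 30},
    "vuln_scan_clean":     {"weight": 2, "max_age_days": 7},
    "backup_restore_test": {"weight": 2, "max_age_days": 90},
    "encryption_at_rest":  {"weight": 3, "max_age_days": 180},
}

# Constructed sample feed, as a vendor's monitoring integration might post it.
SAMPLE_ATTESTATIONS = json.dumps([
    {"vendor": "acme-logistics", "control": "mfa_enforced",        "status": "pass", "observed": "2022-06-20T09:00:00Z"},
    {"vendor": "acme-logistics", "control": "vuln_scan_clean",     "status": "fail", "observed": "2022-06-22T02:15:00Z"},
    {"vendor": "acme-logistics", "control": "backup_restore_test", "status": "pass", "observed": "2022-05-01T12:00:00Z"},
    {"vendor": "acme-logistics", "control": "encryption_at_rest",  "status": "pass", "observed": "2022-01-10T12:00:00Z"},
    {"vendor": "bolt-saas",      "control": "mfa_enforced",        "status": "pass", "observed": "2022-03-01T09:00:00Z"},
    {"vendor": "bolt-saas",      "control": "vuln_scan_clean",     "status": "pass", "observed": "2022-06-23T02:15:00Z"},
    {"vendor": "bolt-saas",      "control": "encryption_at_rest",  "status": "pass", "observed": "2022-06-01T12:00:00Z"},
])


@dataclass(frozen=True)
class Finding:
    vendor: str
    control: str
    reason: str   # "failed", "stale" or "missing"
    action: str   # corrective action raised automatically


@dataclass
class VendorAssessment:
    vendor: str
    score: int    # 0-100: weighted share of controls that are passing AND fresh
    findings: list[Finding]


def _parse_ts(value: str) -> datetime:
    # Attestations use RFC 3339 with a trailing Z; make them timezone-aware.
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def evaluate(attestations_json: str, now: datetime) -> dict[str, VendorAssessment]:
    """Score every vendor in the feed against CONTROL_PARAMETERS as of `now`."""
    latest: dict[tuple[str, str], dict] = {}
    for rec in json.loads(attestations_json):
        key = (rec["vendor"], rec["control"])
        # Keep only the most recent observation per (vendor, control).
        if key not in latest or _parse_ts(rec["observed"]) > _parse_ts(latest[key]["observed"]):
            latest[key] = rec

    total_weight = sum(p["weight"] for p in CONTROL_PARAMETERS.values())
    results: dict[str, VendorAssessment] = {}
    for vendor in sorted({v for v, _ in latest}):
        passing_weight, findings = 0, []
        for control, params in CONTROL_PARAMETERS.items():
            rec = latest.get((vendor, control))
            if rec is None:
                findings.append(Finding(vendor, control, "missing", "request attestation from vendor"))
                continue
            age = now - _parse_ts(rec["observed"])
            if rec["status"] != "pass":
                findings.append(Finding(vendor, control, "failed", "open remediation ticket with vendor"))
            elif age > timedelta(days=params["max_age_days"]):
                # A passing result is worthless once it is older than its freshness window.
                findings.append(Finding(vendor, control, "stale", f"re-collect evidence (last seen {age.days} days ago)"))
            else:
                passing_weight += params["weight"]
        results[vendor] = VendorAssessment(vendor, round(100 * passing_weight / total_weight), findings)
    return results


def triage(results: dict[str, VendorAssessment], threshold: int = 70) -> tuple[list[str], list[str]]:
    """Vendors at or above the threshold stay on the automated loop; the rest go to a human."""
    automated = [v for v, r in results.items() if r.score >= threshold]
    escalated = [v for v, r in results.items() if r.score < threshold]
    return automated, escalated


def evaluate_sample(now_iso: str = "2022-06-24T00:00:00Z") -> dict[str, VendorAssessment]:
    """Run the sample feed as of a fixed instant (the article's date) so results are reproducible."""
    return evaluate(SAMPLE_ATTESTATIONS, _parse_ts(now_iso))


if __name__ == "__main__":
    results = evaluate_sample()
    for vendor, result in results.items():
        print(f"{vendor}: score {result.score}/100")
        for f in result.findings:
            print(f"  {f.control}: {f.reason} -> {f.action}")
    print("automated / escalated:", triage(results))
```

Run as of 24 June 2022, acme-logistics scores 80 with one failed vulnerability scan, while bolt-saas scores 50 because its MFA evidence is 114 days old and it never attested to backup restore testing; only bolt-saas is escalated. The point the numbers make is that a vendor whose last questionnaire said "pass" can still be a red flag under continuous monitoring simply because nobody has re-collected the evidence.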


3. Explore opportunities to leverage automation in supply chain security


IT leaders can alleviate the time and cost of continuously vetting and monitoring their security ecosystem by embracing automation, including the use of artificial intelligence (AI) and machine learning (ML).


AI and ML can be applied to security policies to address shadow IT issues and provide better oversight of third-party Software as a Service (SaaS) products. They can also be used to implement self-service chatbots and automate many aspects of the organization’s third-party risk management processes. Automation enhances an organization’s existing risk management framework and frees up time and resources so skilled security workers can focus on more strategic activities.


In addition, AI-powered digital workers can take on many of the low-value, high-cost manual activities that burden security teams during the assessment process. Their ability to access multiple data sources quickly, review artifacts at wire speed and provide a better experience for internal stakeholders and vendors is a strong reason to begin integrating them into your third-party security toolbox.


4. Keep a close eye on regulatory requirements as they continue to evolve and focus on supply chain security

As the digital landscape becomes increasingly complex, and partners more intricately linked, cybersecurity regulations will continue to tighten, and there will be more of them. For example, the White House has issued executive orders on the U.S. supply chain, while the European Union’s NIS Directive draws clear lines around how member states, industries, and organizations need to enhance their inward and outward cybersecurity policies, especially in a post-pandemic world. For IT leaders, staying up to date on these policies is critical to protecting sensitive data and ensuring compliance.


5. Take a capacity-building approach by applying security measures to protect your broader ecosystem, in addition to your own environment

Stringent regulatory standards can help minimize the impact of third-party cyber threats, but there are situations where the participants in complex ecosystem structures — such as cloud providers, SaaS companies and Internet of Things device manufacturers — may not have clear obligations for establishing adequate controls to protect their partners’ data, leaving the entire network vulnerable to cyberattacks.

In an interconnected business world, larger, better-resourced organizations are realizing they have a responsibility to protect their supplier ecosystem, particularly partners that do not have the same level of resources. This could mean providing a monitoring service across the supply ecosystem and collaborating with partners to defend against identified threats. This is in everyone’s best interest: if one organization is vulnerable to cyberattacks, so are its partners and the other participants in its digital supply chain.


Just as the pandemic revealed how intrinsically linked partners are within the physical supply chain, so too are business leaders waking up to how reliant they are on their digital supply chain partners. Becoming a “digital-first” organization requires sharing data on a near-constant basis throughout a complex and connected ecosystem of partners and suppliers, which creates numerous opportunities for cyberattackers. Today, cybersecurity leaders are not only tasked with securing their own organizations — they must also encourage their broader ecosystem to be cyber-secure, responsive and aware.

KEYWORDS: artificial intelligence (AI) cyber security risk management supply chain third party security


Jonathan Dambrot is a Principal at KPMG LLP and the Cyber Security Services U.S. Leader for Third Party Security with over 15 years of cyber leadership in third-party security and other cyber areas.

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing