



IT management companies may have to follow updated security standards. Companies procuring digital services have been asked for feedback on managed service providers and plans. Only 1 in 20 companies addresses vulnerabilities in the wider supply chain.

New proposals are being considered to help UK companies manage the cyber risks linked to their supply chain.

The Department for Digital, Culture, Media and Sport (DCMS) is calling for input on a number of measures to increase the security of digital supply chains and of the third-party IT services that businesses use for tasks such as data processing and infrastructure management.

According to a DCMS survey, only 12% of organizations review cybersecurity risks from direct vendors, and only 1 in 20 companies (5%) address vulnerabilities in the wider supply chain.

The National Cyber Security Center (NCSC) already offers a range of support to help organizations assess the security risks of their vendors, including advice on identifying business-wide cybersecurity risks and vulnerabilities, such as the Cyber Assessment Framework, and specific supply chain security and supplier assurance guidance.

The government has also helped organizations improve cyber risk management during the pandemic, including 500,000 in funding to help critical providers in the healthcare sub-sector increase readiness and resilience through the Cyber Essentials Scheme.

However, as organizations increasingly move their operations online, digital supply chains and third-party IT services are becoming increasingly important to the day-to-day running of businesses and critical to their continuity and resilience. The government is looking at ways to do more to support UK businesses.

Digital Infrastructure Secretary Matt Warman said:

There is a long history of outsourcing important services. We’ve seen an attack from an organization like CloudHopper infected through a managed service provider. It is essential to remember that organizations cannot take steps to protect their mission-critical supply chain and outsource risk.

Businesses must follow the free government advice provided. They should take steps to protect themselves from vulnerabilities and make sure that third-party kits and services are as secure as possible.

As a first step in considering whether you need updated guidelines or hardened rules, we sought input from companies procuring and delivering digital services.

The government wants views on the existing guidance on supply chain cyber risk management and is also testing the suitability of a proposed security framework for managed service providers, the companies that manage organizations' IT infrastructure.

The proposal could require managed service providers to meet the current Cyber Assessment Framework, a set of 14 cybersecurity principles designed for organizations that play a vital role in everyday life in the UK.

The framework establishes the actions the organization should take, such as:

- Have policies to protect devices and prevent unauthorized access
- Ensure data is protected at rest and in transit
- Keep secure and accessible data backups
- Educate employees and pursue a positive cybersecurity culture

The department seeks industry feedback on good supplier risk management practices based on government advice set out in supply chain security guidelines and supplier assurance questions.

The call for feedback on supply chain cybersecurity will be open from May 17th to July 11th, 2021.

NCSC assists organizations in assessing vendor security risks, including advice on identifying cybersecurity risks and vulnerabilities across the business, such as the Cyber Assessment Framework, and provides specific supply chain security and vendor assurance guidance.


Earlier this year, Digital Minister Oliver Dowden put forward a list of 10 technology priorities that emphasized keeping the UK safe and secure online. The request for comments follows the government's announcement of its groundbreaking Integrated Review of defense and security. The Integrated Review set a goal of cementing the UK's position as a responsible and democratic cyber power and committed to publishing a new national cyber strategy later this year. This strategy will set out how the UK will build a more resilient digital nation and realize the benefits cyberspace can bring.

