The Future of Cyber Supply Chain Risk Management: Collaboration is Key
By Chuan Wei Hoo, Chief Information Security Officer, StarHub
In 2023 alone, supply chain-related cyberattacks surged by 40%, and the latest 2024 Verizon Data Breach Investigations Report revealed that 15% of the reported cybersecurity breaches involved a third-party vendor. These figures are a stark reminder that supply chain security vulnerabilities can reverberate throughout entire industries, especially as global supply chains become increasingly digitised. It’s no longer just about protecting individual organisations; it’s about securing the entire ecosystem.
Yet current practices fall short of international ambitions to build cyber resilience throughout supply chains, and there is little established guidance for supply chain security management, in particular for collaborative information sharing. Supply chain security should no longer be seen as just an IT issue; it should be a matter of collective defence. The true question now is: why are we still operating in silos? The answer isn’t rooted only in technology or capability; it lies in a complex web of gaps in trust, varying legal frameworks, and traditional competitive approaches.
Challenges to information sharing
Supply chains are a symbiotic network, dependent on the combined strength of vendors, suppliers, and partners. However, current cybersecurity practices are far from collective. Despite the clear benefits of a collaborative defence, resource and intelligence sharing remains scarce. This siloed approach has proved increasingly dangerous: when a supply chain attack strikes, the impact ripples far beyond the initially compromised target.
Several factors can hinder effective information sharing; the key challenges include:
- Commercial, regulatory, and legal concerns: Companies may hesitate to share vulnerabilities due to fears of reputational damage, competitive risks, or legal liabilities, especially with evolving regulations.
- Silos: Information flow is often limited by organisational and sectoral silos, excluding smaller or non-traditional players who could benefit most from collaboration.
- Timing: Information is often shared reactively after an incident, leaving businesses with little time to respond proactively.
- Workforce shortages: Smaller organisations, lacking cybersecurity expertise, are often the most vulnerable yet the least equipped to share or act on critical information.
- Human factors: Trust is essential for effective information sharing, but concerns about enforcement and a reluctance to appear vulnerable can inhibit transparency.
Ways forward in information sharing
To build a resilient digital ecosystem, the focus should shift to proactive collaboration, where larger organisations with robust security capabilities take the lead in helping smaller counterparts and third parties enhance their defences. This new model emphasises inclusivity, where smaller players aren’t left out but actively supported through shared best practices, security controls, and early engagement before incidents occur.
Key principles for this new approach include:
- Proactive capability building: Large entities, including governments and enterprises, should take the lead in sharing actionable security insights and tools with their suppliers, especially focusing on vulnerability management, incident response planning, and identity access controls.
- Inclusivity across networks: Information sharing networks must become more inclusive by fostering connections within supply chains and creating opportunities for smaller organisations to contribute and benefit from shared knowledge. This could involve forming new supplier communities or improving collaboration across sectors.
- Leveraging technology for scale: Moving towards a digital commons, where common standards for information sharing and real-time monitoring create a shared view of security posture across networks, allowing security resources to be allocated more efficiently and minimising duplication of effort.
Achieving true cyber resilience across supply chains requires more than mere compliance; it demands a fundamental shift in our approach to security and collaboration. Leading organisations must drive this change by sharing not only threat data but also actionable insights to strengthen the entire ecosystem. This evolution from reactive to proactive, from siloed to integrated, is essential. A unified approach, leveraging real-time collaboration and shared standards, will revolutionise our ability to manage and mitigate risks.
The stakes are high, and the time for change is now. By committing to transparency and mutual support, we can build a robust, resilient digital infrastructure that can withstand the rapid pace of cyber threats.