I had the opportunity recently at a CDM conference to lead a finance and health sector CISO conversation about how the Huawei-like issues are impacting us. It was fascinating.

I was also the MC at the event, so at the start of the day I asked more generally how many people were thinking about it, and almost no one was concerned. Fast forward to after lunch, and we started with this chart –

Source: The economist.com

It didn’t take very long before we were discussing the challenges of third-party providers and the risks in provisioning at a second or third level out from what we directly control. Data thrown around (sorry, no source) would say that supply chain attacks are up 78% in 2018. The complexity of our supply chains can significantly obscure the real risks. Even M&A demands a different kind of diligence.

The consensus at the end of the conversation was that we need to dig deeper in three areas:

  • Architecture – know where your environment is outside your comfort zone
  • Inventory – know where the stuff you use could be creating an exposure
  • Supply Chain – consider where your bias for cost efficiency may be opening new exposures

The conference attendees were largely US-based or global – I wonder if we think we are more, or less exposed here in Canada?


