I had the opportunity recently at a CDM conference to lead a finance and health sector CISO conversation about how the Huawei-like issues are impacting us. It was fascinating.
I was also the MC at the event, so at the start of the day I asked more generally how many people were thinking about it, and almost no one was concerned. Fast forward to after lunch, and we started with this chart –
It didn’t take very long before we were discussing the challenges of third-party providers and the risks in provisioning at a second or third level out from what we directly control. Data thrown around (sorry, no source) would say that supply chain attacks are up 78% in 2018. The complexity of our supply chains can significantly obscure the real risks. Even M&A demands a different kind of diligence.
The consensus at the end of the conversation was that we need to dig deeper in three areas:
- Architecture – know where your environment is outside your comfort zone
- Inventory – know where the stuff you use could be creating an exposure
- Supply Chain – consider where your bias for cost efficiency may be opening new exposures
The conference attendees were largely US-based or global – I wonder if we think we are more, or less, exposed here in Canada?