The deadline for EU Member States to transpose the NIS2 directive, which provides for numerous measures to increase cyber security, is in October. One focus is on improving digital supply chain security – through the implementation and optimization of Third-Party Risk Management (TPRM).
Some companies are already well positioned in this area. Especially in highly regulated industries and large companies, TPRM is now well developed. However, for many SMEs that count as critical infrastructure and therefore must also follow NIS2, the situation is different. In paragraph 56 of its introduction, the NIS2 directive points out that SMEs are increasingly becoming the target of cybercriminals in connection with supply chain attacks, precisely because they are usually less robust in terms of TPRM.
In fact, the risk of attack from supply chains has been growing for all organizations. According to a global survey conducted by BlueVoyant at the end of last year, cyberattacks on companies' digital supply chains have increased by no less than 26 percent over the previous year.
Improve supply chain security
It is therefore no wonder that the new NIS2 directive also proposes measures to improve digital supply chain security. Companies are explicitly required to assess the quality of risk management measures and cyber security procedures of their suppliers’ and service providers’ products and services and to take this into account when making business decisions.
To meet this requirement, many organizations will need to expand their pool of security tools. They will need to create the necessary infrastructure to continuously monitor and analyze third-party risks in real time and proactively participate in their remediation. This task can hardly be accomplished manually, as there is a lack of specialists. Organizations' human experts will therefore need backup: tools that use Artificial Intelligence (AI) or Machine Learning (ML) to monitor their digital supply chains.
TPRM to the rescue
The best AI/ML-supported Supply Chain Defense or TPRM solutions to help with new NIS2 requirements will enable:
- multi-level, continuous real-time monitoring of all digital supply chains
- detection and alerting of security incidents with a low false positive rate
- rapid analysis and elimination of supply chain risks
- simplified, AI-powered evaluation, management and analysis of third-party risk data to demonstrate compliance
Equipped with a modern automated TPRM solution, even small and medium-sized companies will be able to successfully manage the risks associated with the supply chains of their suppliers and service providers, proactively reduce them and act in a demonstrably NIS2-compliant manner.
VP Sales at BlueVoyant