Supply Chain Cyber Security

Tuesday, 15 May 2018


The digital transformation of the global supply chain allows companies to work closer together, integrating data and often sharing information to create efficiencies while reducing costs. Yet each supplier brings a risk of introducing vulnerabilities to your network and it is estimated that round 80% of data breaches originate in the supply chain. A supply chain is only as cyber-secure as its weakest link and we have seen smaller organisations being targeted and used as a vehicle to access corporate infrastructures:


  • Equifax - US Credit Rating Company Equifax suffered a breach which resulted in the loss of over 100 million user details. The breach was blamed on a weakness introduced via their supply chain.
  • Debenhams –a breach resulting in the loss over 20000 user details originated in a cyber-attack within their supply chain via the supplier of their online florist services.

From global conglomerates to SMEs – we all need to address the inherent cyber-security risks within our supply chain. Data can be damaged accidentally, accessed by cyber-criminals or employees who are an insider threat. Undertaking an audit of your suppliers and understanding who has access to which levels of your corporate data is the first step to addressing risk. It can be useful to categorise suppliers so you can consider how best to manage the risks they bring. A supplier who provides services on-site will bring different risks to those who provide ICT services and can access your company data. It can be useful also to consider your rules on subcontracting, consultants and partners. Once you have established who has access to what categories of data, you can work out how to manage the risks and introduce methods of monitoring and evaluation.


Cyber –security certification

While you can be safe without certification, they can be a useful method of ascertaining that your suppliers take cyber-security seriously. There’s an increasing requirement within the tendering process for certification to a recognised cyber-security standard:



  • Internationally recognised standard ISO 27001 outlines best practise for a robust Information Security Management System and requires an ongoing commitment to external audits & continual improvements to check standards are being maintained. There is no central database of certification – you need to check with each individual supplier.

Our technical consultants have a strong understanding of both schemes and we are accredited ACE Practicioners of the Cyber Essentials scheme. We have supported many of our IT support customers across Glasgow, Edinburgh and central Scotland in becoming certified and we are happy to help you work out which of the available certifications is best suited to your business needs. Contact us for more info.

RedMosquito provides IT support across Glasgow, Edinburgh and throughout Scotland.


T 0141 348 7950
Glasgow 27 Panorama Business Village, Glasgow. G33 4EN
Edinburgh 8 Albany Street, Edinburgh EH1 3QB


facebook gplus twitter linkedin


Formed in 1999 Red Mosquito provide a complete one-stop technical consultancy service offering managed services IT support, computer maintenance, computer networking and Cloud Services to businesses in Scotland and beyond. We operate as a complete outsourced IT department dealing with all of the day to day administration and configuration of our client's systems.

Based at our Operations Centre in Glasgow and in Edinburgh, we're in the business of providing top quality IT services driven by our passion for technology. Our team of experienced IT support engineers operates throughout Scotland keeping your servers and desktop computers running smoothly so that you can concentrate on what's really important - your business.

We are your IT department.

Case Studies

  • Russel & Aitken

    Founded in Falkirk in 1818 Russel & Aitken is one of the oldest legal firms in Scotland. From the start they have been associated with innovative new technologies and today they continue to maintain a modern and progressive approach to their business.

  • CMS Windows Ltd.

    When Red Mosquito started working with CMS in early 2011 our first task was to fully understand a complex business and the needs of its employees....