The Weakest (Supply Chain) Link

Everyone is a supplier.

Suppliers are only a risk.

Suppliers are not important.

Suppliers should be feared.

Having a risk conversation.

Ignoring smaller suppliers.

Conducting a financial audit.

Implementing all possible controls.

To treat all suppliers equally.

To apply the same controls to all.

To tailor controls to the supplier's impact.

To avoid any risk assessments.

A fixed URL for security requirements.

A clause to ignore minor breaches.

A disclosure statement for breaches.

A list of all possible security measures.

All suppliers have the same needs.

Suppliers always agree to terms.

Suppliers never change their requirements.

Each organization has its own methodology.

By being less reliable than in-house solutions.

By having a reputation for safeguarding data.

By offering unlimited storage.

By being cheaper than other solutions.

Cloud providers are never secure.

Cloud security is not important.

Cloud providers are always secure.

Cloud security is only about availability.

Complete elimination of all risks.

Risk management over mere security.

Securing all data at any cost.

Ignoring minor threats.

To avoid any security measures.

To ensure it is always empty.

To apply the same security measures everywhere.

To identify relevant risks and protections.

Quantification is purely scientific.

All risks are easily quantifiable.

Quantification is unnecessary.

Reputational impact is hard to quantify.