Artefacts

01.04.22

Third Party Information Security Management

This guidance outlines how the UK financial sector can better manage third-party information security risk. It includes a mapping of current mitigation activities across six key risk areas and a case study of the SolarWinds supply chain attack. The document highlights the importance of understanding supplier dependencies, embedding security into procurement processes, and using tools such as endpoint detection and response (EDR), network detection and response (NDR), and deception technologies. It also provides practical recommendations aligned to the NIST Cybersecurity Framework to help firms identify, protect against, detect, respond to, and recover from third-party cyber threats.