Supply Chain Attack: The Challenges and MisconceptionsWhy Businesses in the Philippines Need a Better Understanding of Third-Party Rules
What's the best way to overcome lack of supply chain visibility? What are the privacy challenges of storing, transferring and allowing third parties to use personal data? Two experts - Mel Migriño, chairman and president of the Women in Security Alliance Philippines, and Keala Mae M Bleza, junior partner at Gatchalian and Castro - share their thoughts on how to navigate cybersecurity and regulatory issues across multiple countries and industries. Both Migriño and Bleza are part of the Women in Security Alliance Philippines.
"One of the challenges for companies would be to be able to balance their business interest versus complying with regulations. It starts with how the company or the business organization actually understands the meaning of protecting data versus how the law actually sees it," Bleza says.
One of the challenges facing many companies is understanding the restrictions on the flow of data, which means they refrain from asking customers for their personal information, Bleza says. These questions, however, should be asked since they are relevant to the business decisions. "So we have to close the gaps in misconception," Bleza says.
According to Migriño, disparate cybersecurity requirements are a major challenge, "including security protocols and architecture from one country to the other or even from one industry to the other. The other challenge is the lack of supplier readiness, awareness and resources for a sound cybersecurity program and the lack of awareness about supplier security requirements."
In this video interview with the Information Security Media Group, the two also discuss:
- How to put the right policies in place;
- Common misconceptions around supply chain and third-party relationships;
- How to gain more visibility into your supplier's supply chain.
Migriño has more than 20 years of combined experience in information security management, cybersecurity governance, assurance and operations, application and infrastructure security, IT infrastructure management and operations, operational technology security and cloud security. She has worked across multiple industries, including financial services, technology and consulting, energy distribution, power generation and telecommunications.
In addition to her role at Gatchalian and Castro, Bleza is the data protection officer at Liberty Insurance Corp.