SUPPLY CHAIN – THE WEAKEST CYBERSECURITY LINK
Many of us in the UK and elsewhere may be concerned with supermarket shortages due to ongoing supply chain problems. And while these shortages are likely to persist into 2022, there’s a more alarming prospect relating to supply chain other than not having chocolate or a Christmas turkey. According to the cybersecurity company, BlueVoyant, the supply chain is the weakest cybersecurity link of them all and a prime target for hackers.
HOW BAD IS IT?
According to Fox Business, 97% of firms have been impacted by a cybersecurity breach in their supply chain. Adam Bixler, Global Head of third-party cyber risk management at BlueVoyant, told Fox Business:
“Focused attackers are continually scanning businesses for open vulnerabilities … and business trust relationships means that if a supplier is affected, it could affect an ‘upstream’ connection. This is happening despite more awareness of the risks and the rising cybersecurity budgets to deal with it. But the complexity of the people, processes, and technologies needed to build a comprehensive defense against attacks means that money isn’t always spent effectively.”
THIRD-PARTIES POSE A RISK
Third-parties pose a significant risk in supply chain cybersecurity. As more business opt for Software-as-a-Service (SaaS), the amount of data shared with third-parties is increasing exponentially. A study in September from CyberGRX based on research done by Forrester Consulting reveals that 38% of companies that experience a data breach cannot identify if the event was caused internally or was the result of weak cybersecurity of the third-party in the supply chain. The same study also confirmed that organizations recognize third-party threats but fail to take adequate measures to mitigate them.
ON THE INCREASE
In the first quarter of this year, cyber attacks on supply chains in the United States increased by 42%, impacting an estimated 7 million people. Analysis of publicly-reported data breaches in quarter one by the Identity Theft Resource Center (ITRC) found 137 organizations reported being hit by supply chain cyber-attacks at 27 different third-party vendors.
WHAT CAN YOU DO
Businesses are becoming increasingly dependent on an ever-growing number of vendors, and CEOs and CIOs are seeking to improve their risk management, response to increasing regulations and controls, and risk mitigation with regard to third parties in the supply chain. Here are some steps you can take to ensure that your precious company data doesn’t fall foul of a cyber-attack as a consequence of inadequate cybersecurity from a third-party supplier:
- only share the bare minimum of information with a third-party
- if you are no longer using a supplier, revoke their access to your applications and IT network
- ensure that third-party transactions are secure and do not use public Wi-Fi
- conduct an IT audit on any third-party to ascertain the integrity of its cybersecurity functionality
- train your staff in IT vendor risk management
If you need help with any or all of the above, I’m a call away. I have over 20 years of experience in professional business IT management, specializing in cybersecurity and risk mitigation. Contact me now and know that your IT will always be secure, regardless of the cybersecurity weak links with your third-party supply chain and vendors.