The Cybersecurity Gaps Opened By Engaging with Supply Chains

An overwhelming 97% of the largest companies had a breach in their third-party ecosystem
Two separate studies by BlackBerry and SecurityScorecard highlight how engaging with supply chains opens companies up to more areas of attack

Supply chains are crucial to a business's operations; when they were disrupted by events such as Covid, we saw the panic this caused among the public and the difficulties felt by businesses.

Companies have therefore increased the cyber protection of their “front doors” through measures such as firewalls, stronger passwords, and multi-factor authentication.

Yet this has pushed hackers to find other ways to get to them. Because supply chains are multifaceted systems, there are more points of entry, and weaknesses have been spotted.

Two recent studies by BlackBerry and SecurityScorecard have shed light on the vulnerabilities and the magnitude of the problem, highlighting the urgent need for companies to bolster their cybersecurity measures.

Third-party threat

SecurityScorecard's study showed 12% of UK companies reported a direct breach in the last year.

Yet an overwhelming 97% of the largest companies had a breach in their third-party ecosystem.

The new research spotlights why a company’s cybersecurity strength is directly linked to the security measures of even the smallest vendor it deals with.

Will Gray, Director of Northern Europe for SecurityScorecard, emphasised, "Third-party risk management is a key component of any robust cybersecurity program, and the companies represented in this report would benefit by making it a priority."

Oversight of suppliers after major supply-chain cyber attacks has become more of a priority, after breaches have affected thousands of businesses and breached data on millions of customers.

Will Gray, Director of Northern Europe at SecurityScorecard

Supply chains' security issues 

A BlackBerry study unveiled at a similar time echoes another cyber issue relating to the disruption of a service across multiple parties.  

The findings highlighted how 74% of software supply chains were also exposed to cyberattacks in the last twelve months.

Alarmingly, more than two-thirds (68%) of businesses uncovered hidden participants they were not monitoring for security practices. 

Following a software supply chain attack, UK IT leaders confirmed a high level of impact in terms of financial loss (62%), data loss (59%), reputational damage (57%) and operational impact (55%). 

Keiron Holyome, VP of UKI & Emerging Markets at BlackBerry, stated, "Our latest research comes at a time of increased regulatory and legislative interest in addressing software supply chain security vulnerabilities." 

These digital supply chain attacks had a greater financial impact, increasing by 11% compared to two years ago

Keiron Holyome, VP of UKI & Emerging Markets at BlackBerry

Securing solutions

The findings indicate that supply chains add a further layer of vulnerability that companies need to contend with, and that when dealing with multiple vendors, or software with many developers, securing yourself is not enough to stay safe.

“How a company monitors and manages cybersecurity in their software supply chain has to rely on more than just trust,” said Holyome. “IT leaders must tackle the lack of visibility as a priority.”

Both studies emphasise that securing supply chains, whether physical or digital, requires a comprehensive cybersecurity strategy. As Gray warned, "The sectors and organisations in the UK need to do more now" to prepare for incoming regulations like DORA and the NIS2 directive.

Cyber Magazine is a BizClik brand

