The Cybersecurity Gaps Opened By Engaging with Supply Chains

Two separate studies by BlackBerry and SecurityScorecard highlight how engaging with supply chains opens companies up to a larger attack surface

Supply chains are crucial to a business's operations; we saw this when disruptions such as Covid caused panic among the public and difficulties for businesses.

Companies have therefore increased the cyber protection of their “front doors” through measures such as firewalls, stronger passwords, and multi-factor authentication.

Yet this has pushed hackers to find other ways to get to them. Because supply chains are multifaceted systems, they offer more points of entry, and weaknesses have been spotted.

Two recent studies by BlackBerry and SecurityScorecard have shed light on the vulnerabilities and the magnitude of the problem, highlighting the urgent need for companies to bolster their cybersecurity measures.

Third party threat

SecurityScorecard's study showed 12% of UK companies reported a direct breach in the last year.

Yet an overwhelming 97% of the largest companies had a breach in their third-party ecosystem.

The new research spotlights why a company’s cybersecurity strength is directly linked to the security measures of even the smallest vendor it deals with.

Will Gray, Director of Northern Europe for SecurityScorecard, emphasised, "Third-party risk management is a key component of any robust cybersecurity program, and the companies represented in this report would benefit by making it a priority."

Oversight of suppliers after major supply-chain cyber attacks has become more of a priority, after breaches have affected thousands of businesses and breached data on millions of customers.

Will Gray, Director of Northern Europe at SecurityScorecard

Supply chains' security issues 

A BlackBerry study unveiled at a similar time points to another cyber issue, this one relating to the disruption of a service across multiple parties.

The findings highlighted how 74% of software supply chains were also exposed to cyberattacks in the last twelve months.

Alarmingly, more than two-thirds (68%) of businesses uncovered hidden participants they were not monitoring for security practices. 

Following a software supply chain attack, UK IT leaders confirmed a high level of impact in terms of financial loss (62%), data loss (59%), reputational damage (57%) and operational impact (55%). 

Keiron Holyome, VP of UKI & Emerging Markets at BlackBerry, stated, "Our latest research comes at a time of increased regulatory and legislative interest in addressing software supply chain security vulnerabilities." 

These digital supply chain attacks had a greater financial impact, increasing by 11% compared to two years ago.

Keiron Holyome, VP of UKI & Emerging Markets at BlackBerry

Securing solutions

The findings indicate that supply chains add a further layer of vulnerability that companies need to contend with, and that when dealing with multiple vendors, or software with many developers, securing yourself is not enough to stay safe.

“How a company monitors and manages cybersecurity in their software supply chain has to rely on more than just trust,” said Holyome. “IT leaders must tackle the lack of visibility as a priority.”

Both studies emphasise that securing supply chains, whether physical or digital, requires a comprehensive cybersecurity strategy. As Gray warned, "The sectors and organisations in the UK need to do more now" to prepare for incoming regulations like DORA and the NIS2 directive.

