The Cybersecurity Gaps Opened By Engaging with Supply Chains
Supply chains are crucial to a business's operations; we saw this when they were disrupted by events like Covid, in the panic among the public and the difficulties felt by businesses.
Companies have therefore increased the cyber protection of their “front doors” through measures such as firewalls, stronger passwords, and multi-factor authentication.
Yet this has pushed hackers to find other ways in. Because supply chains are multifaceted systems, the points of entry are more numerous, and weaknesses have been spotted.
Two recent studies by BlackBerry and SecurityScorecard have shed light on the vulnerabilities and the magnitude of the problem, highlighting the urgent need for companies to bolster their cybersecurity measures.
Third party threat
SecurityScorecard's study showed 12% of UK companies reported a direct breach in the last year.
Yet an overwhelming 97% of the largest companies had a breach in their third-party ecosystem.
The new research spotlights why a company’s cybersecurity strength is directly linked to the security measures of even the smallest vendor it deals with.
Will Gray, Director of Northern Europe for SecurityScorecard, emphasised, "Third-party risk management is a key component of any robust cybersecurity program, and the companies represented in this report would benefit by making it a priority."
Oversight of suppliers has become more of a priority following major supply-chain cyber attacks, in which breaches have affected thousands of businesses and breached data on millions of customers.
Supply chains' security issues
A BlackBerry study unveiled at a similar time echoes another cyber issue relating to the disruption of a service across multiple parties.
The findings highlighted how 74% of software supply chains were also exposed to cyberattacks in the last twelve months.
Alarmingly, more than two-thirds (68%) of businesses uncovered hidden participants they were not monitoring for security practices.
Following a software supply chain attack, UK IT leaders confirmed a high level of impact in terms of financial loss (62%), data loss (59%), reputational damage (57%) and operational impact (55%).
Keiron Holyome, VP of UKI & Emerging Markets at BlackBerry, stated, "Our latest research comes at a time of increased regulatory and legislative interest in addressing software supply chain security vulnerabilities."
These digital supply chain attacks had a greater financial impact, increasing by 11% compared to two years ago.
Securing solutions
The findings indicate that supply chains add a further layer of vulnerability that companies need to contend with, and that when dealing with multiple vendors, or software with many developers, securing yourself is not enough to stay safe.
“How a company monitors and manages cybersecurity in their software supply chain has to rely on more than just trust,” said Holyome. “IT leaders must tackle the lack of visibility as a priority.”
Both studies emphasise that securing supply chains, whether physical or digital, requires a comprehensive cybersecurity strategy. As Gray warned, "The sectors and organisations in the UK need to do more now" to prepare for incoming regulations like DORA and the NIS2 directive.
Cyber Magazine is a BizClik brand