The Cybersecurity Gaps Opened By Engaging with Supply Chains

An overwhelming 97% of the largest companies had a breach in their third-party ecosystem
Two separate studies by BlackBerry and SecurityScorecard highlight how engaging with supply chains opens a company's cybersecurity up to more areas of attack

Supply chains are crucial to a business's operations; we saw this when they were disrupted by events like Covid, in the panic wrought on the public and the difficulties felt by businesses.

Companies have therefore increased the cyber protection of their “front doors” through measures such as firewalls, stronger passwords, and multi-factor authentication.

Yet this has pushed hackers to find other ways to get to them. Because supply chains are multifaceted systems, they offer more points of entry, and weaknesses have been spotted.

Two recent studies by BlackBerry and SecurityScorecard have shed light on the vulnerabilities and the magnitude of the problem, highlighting the urgent need for companies to bolster their cybersecurity measures.

Third-party threat

SecurityScorecard's study showed 12% of UK companies reported a direct breach in the last year.

Yet an overwhelming 97% of the largest companies had a breach in their third-party ecosystem.

The new research spotlights why a company’s cybersecurity strength is directly linked to the security measures of even the smallest vendor it deals with.

Will Gray, Director of Northern Europe for SecurityScorecard, emphasised, "Third-party risk management is a key component of any robust cybersecurity program, and the companies represented in this report would benefit by making it a priority."

Oversight of suppliers has become more of a priority following major supply-chain cyber attacks, in which breaches have affected thousands of businesses and exposed data on millions of customers.

Supply chains' security issues 

A BlackBerry study unveiled at a similar time highlights a related cyber issue: the disruption of a service across multiple parties.

The findings highlighted how 74% of software supply chains were also exposed to cyberattacks in the last twelve months.

Alarmingly, more than two-thirds (68%) of businesses uncovered hidden participants they were not monitoring for security practices. 

Following a software supply chain attack, UK IT leaders confirmed a high level of impact in terms of financial loss (62%), data loss (59%), reputational damage (57%) and operational impact (55%). 

Keiron Holyome, VP of UKI & Emerging Markets at BlackBerry, stated, "Our latest research comes at a time of increased regulatory and legislative interest in addressing software supply chain security vulnerabilities." 

These digital supply chain attacks had a greater financial impact, increasing by 11% compared to two years ago.

Securing solutions

The findings indicate that supply chains add a layer of cybersecurity vulnerability that companies need to contend with, and that when dealing with multiple vendors, or software with many developers, securing yourself is not enough to keep safe.

“How a company monitors and manages cybersecurity in their software supply chain has to rely on more than just trust,” said Holyome. “IT leaders must tackle the lack of visibility as a priority.”

The two studies both emphasise that securing supply chains, whether physical or digital, requires a comprehensive cybersecurity strategy. As Gray warned, "The sectors and organisations in the UK need to do more now" to prepare for incoming regulations like DORA and the NIS2 directive.

Cyber Magazine is a BizClik brand

