Worldwide supply chains vulnerable as businesses lack visibility into suppliers
Companies still not prioritizing their vulnerable supply chains

Only 13% of companies said that third-party cyber risk was NOT a priority, a drop compared to last year when 22% of companies said that supply chain and third-party cyber risk was not on their radar.
Adam Bixler continues: "Budget increases demonstrate that firms are recognising the need to invest in cybersecurity and vendor risk management. However, the wide yet consistent array of pain points suggests that this investment is not as effective as it could be. This, tied to the lack of visibility, monitoring and senior-level reporting, underscores a lack of strategy when approaching third-party cyber risk which unfortunately is only going to lead to more breaches."
The business services sector had the highest headcount in its cybersecurity or risk teams and, correspondingly, was most likely to be monitoring third-party risk daily.
The healthcare sector exhibited the highest rate of third-party cyber risk awareness and 55% said identifying risk was a key priority, compared to an average of 42%. However, this sector also reported high breach figures, with 29% reporting 6-10 breaches in the last 12 months, compared to an average of 19%. Manufacturing respondents were least likely to identify supply chain/third-party cybersecurity risk as a key priority and were most likely to be reporting on an annual basis only.
Adam Bixler comments: "Our research shows that there are large concentrations of unknown third-party cyber risk across vertical sectors, supply chains and vendors worldwide and organizations are experiencing frequent vendor-originated breaches. While budgets are rising, the critical question is where funds should be directed to make a tangible impact to reduce third-party cyber risk. A lack of visibility, strategy and monitoring means the situation is unlikely to improve until it gets the appropriate attention."
Jim Rosenthal, CEO at BlueVoyant, concludes: "Auditing or assessing your supply chain every few weeks or months is not sufficient to stay ahead of agile, persistent attackers. Continuous monitoring and quick action against newly discovered critical vulnerabilities needs to become the essential condition for effective third-party risk management."
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/LWBDzcgdxNo/