Key Takeaways:
- A new report by Risk Ledger has identified common cyber security weaknesses in the supply chain ecosystem.
- Findings reveal that many third-party suppliers do not have a supplier security policy or conduct regular penetration tests of internal systems, putting their own and their customers’ data at risk.
- The lack of visibility into supplier weaknesses remains a significant problem for companies, with a high proportion of suppliers failing to use basic cyber security controls.
Report by Risk Ledger Highlights Cyber Security Weaknesses in Supply Chain Ecosystem
As more businesses turn to third-party suppliers for goods and services, cyber security in the supply chain has become a critical concern for many organizations. A new report by British cyber security business Risk Ledger has shed light on the most common cyber security weaknesses in the supply chain and offered practical recommendations for improving third-party risk management strategies.
The report is based on proprietary data from over 2,500 suppliers that have shared information on their risk posture against over 200 cyber security controls with their customers on the Risk Ledger platform. It highlights the 12 most common weaknesses among suppliers and provides crucial benchmarking data. The report draws attention to the 17% of suppliers that do not enforce multi-factor authentication (MFA) on all remotely accessible services, the 23% that do not use Privileged Access Management controls to securely manage the use of privileged accounts, and the 20% that do not use a password manager.
With more than 60% of organizations having suffered a data breach through a third party, the report’s findings reveal that many third-party suppliers do not have a supplier security policy or conduct regular penetration tests of internal systems. These common cyber security weaknesses put not only the suppliers’ own data at risk but also their customers’ data, resulting in regulatory fines, data recovery costs, and loss of consumer trust.
The Lack of Visibility into Supplier Weaknesses
The report also highlights the biggest problem associated with supply chain cyber attacks – the almost total lack of visibility into prevailing weaknesses among suppliers. While there is a wealth of existing data on the tools hackers use to target companies, and on the effects of such attacks, there is a total lack of visibility into the main weaknesses in the security postures of suppliers that allow these attacks to be successful in the first place.
Risk Ledger’s new report gives unique insight into supplier weaknesses, allowing companies to better understand the most prevalent weaknesses in the wider supplier ecosystem, and focus remedial efforts on areas that need improvement. Risk Ledger’s CEO, Haydn Brooks commented: “To improve this situation, better data and insights into the most prevalent weaknesses in the wider supplier ecosystem are needed, so that remedial efforts can become more focused. This is the purpose of our report.”
Conclusion
Risk Ledger’s “The State of Cyber Security in the Supply Chain: Data Insights Report 2023” provides a valuable resource for companies looking to improve their third-party risk management strategies. With cyber attacks on the rise and the supply chain ecosystem becoming increasingly complex, it is essential that businesses take a proactive approach to cyber security and work to identify and address weaknesses in their supply chain. By utilizing the findings of the report, companies can better protect themselves and their customers from the devastating impact of cyber attacks. The report is available for download on Risk Ledger’s website from Tuesday, 18th April, 9am BST.
Sign up to our newsletter & get the most important monthly insights from around the world.
Ready to Amplify Your Brand with Business Today?
Discover the power of sponsored articles and partnerships to reach decision-makers, professionals, and a dynamic audience. Learn more about our advertising opportunities and connect with us today!
Click here to explore our Promotion & Sponsored Articles page.
Are you looking to make an impact? Contact us at pitch@businesstoday.news to get started!
