What happens when the software, scripts and code snippets that your business uses on your website and network have been compromised at the source? The compromise could be unintentional—perhaps the coders simply made a mistake. Or the compromise could be intentional—maybe hackers wrote a malicious script and promoted it as legitimate on a third-party library source to encourage users to download and install it.
A recent survey by the analyst firm Gartner showed that 89% of companies experienced a supplier risk event in the last five years; however, those companies' overall awareness and plans to mitigate lacked maturity. As a result, it is no longer enough to secure your own company's infrastructure. You must also evaluate the risk posed by third-party vendors and plan to monitor those organizations for breaches.
Forrester recently predicted that in 2022, 60% of security incidents would involve third parties. Yikes! With such a large percentage of incidents taking place outside the confines of their organizations, corporate leaders need to know what to do to protect their business. So, here is a list of items to address to succeed at supply chain risk (SCR) management.
Supply chain compromises are an increasing threat that impacts a range of sectors, with threat actors leveraging access to support several motivations including financial gain (such as with the Kaseya ransomware attack) and espionage. Throughout 2020, an operation attributed to the Foreign Intelligence Service of the Russian Federation (SVR) by the U.S.
We take it for granted that food will be on the shelves when we visit the supermarket, but the recent images of empty shops and warnings of shortages have shown us how fragile the supply chain can be. This has focused minds on the security and reliability of our food supply along with other issues such as food fraud, defects and safety recall, inefficiency and food provenance and traceability.
The supply chain is under a historic amount of pressure, but its cybersecurity and risk management may be in even worse condition. As 2021 draws to a close, the global supply chain is in a state comparable to rush-hour traffic in bad weather. Everything seems to be backed up, whether due to supply and demand issues, wait times at shipping ports, or any number of other delays.
Manufacturing is one of those industries that seems like a natural fit for vulnerability management, in part because these companies can be such easy targets for cyber criminals. Manufacturers in many cases operate far-flung, global facilities including factories, warehouses, and other distribution points. Increasingly, these different facilities are connected as companies look to modernize their operations through digital transformation.