With thousands of vendors, companies typically have limited grasp over supply chain security

Cyberattacks against SolarWinds and other widely implemented software offerings exposed a supply chain rife with exploitable weaknesses. And still, most enterprises have little insight into the plethora of suppliers plugged into their networks.


While 80% of the 1,500 technology and procurement chiefs surveyed by BlueVoyant had experienced at least one breach caused by a third-party vendor 12 months prior, most (anywhere from 71% to 81%, depending on the industry) don’t monitor all third-party suppliers for cyber risk.


The finding shouldn’t come as a complete surprise – organizations operate in networks that on average include 1,409 vendors, the report found. And the numbers vary among the six sectors BlueVoyant reviewed, with those organizations in business services managing the most vendors on average – 2,572 in all.


“Once you multiply the software supply chain by those vendors, your digital footprint kind of increases exponentially,” Austin Berglas, a former senior FBI agent and global head of professional services at BlueVoyant, told SC Media.


Often, too, monitoring is as insufficient as it is sporadic, given the proliferation of threats and the quick action of attackers.


“You have limited resources inside the organization and when you have sometimes over 2,000 vendors, it’s very hard to get your hands around and arms around” third-party risk, said Berglas. “A lot of the organizations just assess and report two to three times a day or even just yearly…which is not nearly enough. We all know companies have gotten into that sort of point-in-time compliance, and I think for years security experts have warned th ..
