- Supply chain attacks are becoming more frequent and more dangerous
- Many security teams are worried about risks
- 70% of firms have been attacked one or more in the last one year
A new survey of SecurityScorecard suggests that cyber security leaders face serious supply chain and third party risks. The survey stated that CISOS and security professional around the world are struggling to live with the speed of expansion of threats.
The software supply chain has become a worrying weak link for firms of all sizes, as small software providers are difficult to assess and often have cyber security capabilities that can spend large outfits – small software companies with cyber criminals to get access to large firms as an intrusion point.
A shocking 88% of the respondents were either ‘very concerned’ or somewhat concerned about the supply chain cyber security risks, and even with good reasons, 70% say that he has experienced one or more ‘the third party cyber security events’ with one or more ‘the third party cyber security phenomena’.
Constant danger
Recent research suggests that third party participation in dangers in recent months has increased from 15% to 30%, and increasing dependence on digital technologies means increasing dependence on third -party software for all industries.
For example, organizations are worked with stringent cyber security practices to protect themselves. But, not everyone is convinced in their ability to do so, only 26% of organizations have included supply chain safety in their cyber security programs-most rely on ‘point-in-time, sellers-supply assessments or cyber insurance.’
Cyber security can also be heavy for firms with powerful capabilities, and about 40% of respondents stated that issues are their biggest challenge with priority to data surcharge and threats.
“Supply chain cyber attacks are no longer isolated events; they are a daily reality,” said Ryan Sherstobitoff, Field Chief Threat Intelligence Officer of Securitycard.
“Still violation continues as the third-party risk management remains inactive to a large extent, focusing on assessment and compliance checklist rather than action. This old approach fails to operate those insight that collects it. What is it is not a shift for active defense: Third-parting risk teams and safety operating centers will be a shift between the risk teams and safety operations centers.
