Most Firms Rely on Trust Alone for Supply Chain Security. Don’t be Most Firms.

Andrew Hay

Around 70% of global organizations could be at risk from supply chain attacks because they don’t have enough visibility into their partners’ security posture, according to a new Accenture Tech Vision research report.

The company polled over 6600 IT and business executives in 27 countries worldwide and found that just 29% of global companies claim to know enough about their suppliers’ approach to cybersecurity. Even worse, over half (56%) claimed to rely on trust alone to settle any questions about cyber-risk.

Even though the United States boasted among the largest number of companies with supply chain insight (35%), that still leaves a sizable number of organizations that are woefully unprepared to defend against major breaches like those at US retailer Target and the US Office of Personnel Management (OPM).

Many organizations continue to unknowingly expose themselves to third-party “island hopping attacks”. In such an attack, a partner is compromised and access to your network is granted through previously established access rules, exploiting the trust your organization has with its partners.

The report also warned that supply chain attacks like this could account for around a quarter of the total value at risk from cybercrime over the next five years.

We at Lares® strongly advise our clients to take a multi-faceted approach to securing their supply chain partnerships:

  1. Ensure your organization has an effective and measurable information security program that includes, among other things, a detailed incident response plan in the face of a supply chain incident.
  2. Review your existing, or implement new, policies regarding the evaluation of partner security. This includes requirements for doing business with your organization such as a defined security program and associated documentation, required minimum security controls, and certification and attestation letters from independent auditors.
  3. Conduct a full, manual exploitation exercise mirroring a real-world supply chain attack against your organization. Lares has created a unique service to replicate the connection and integration into your organization’s supply chain, in order to identify vulnerabilities in its exposure.

Contact Lares today to learn how our supply chain testing capabilities and security advisory services can help your organization identify exposures and threats before a loss can occur.

Where There is Unity, There is Victory

[Ubi concordia, ibi victoria]

– Publius Syrus

©2019 Lares, LLC | All rights reserved.