Around 70% of global organizations could be at risk from supply chain attacks because they don’t have enough visibility into their partners’ security posture, according to a new Accenture Tech Vision research report.
The company polled over 6600 IT and business executives in 27 countries worldwide and it revealed that just 29% of global companies claim to know enough about their suppliers’ approach to cybersecurity. Even worse, over half (56%) claimed to rely on trust alone to satisfy any question marks over cyber-risk.
Even though the United States boasted among the largest number of companies with supply chain insight (35%), that still leaves a sizable number of organizations that are woefully unprepared to defend against major breaches like US retailer Target and the US Office of Personnel Management (OPM).
Many organizations continue to unknowingly expose themselves to third-party “island hopping attacks“. The attack, in which a partner is compromised and access to your network is granted through previously established access rules, exploits the trust your organization has with its partners.
The report also warned that supply chain attacks like this could account for around a quarter of the total value at risk from cybercrime over the next five years.
We at Lares® strongly advise our clients to take a multi-faceted approach to securing their supply chain partnerships:
- Ensure your organization has an effective and measurable information security program that includes, among other things, a detailed incident response plan in the face of a supply chain incident.
- Review your existing, or implement new, policies regarding the evaluation of partner security. This includes requirements for doing business with your organization such as a defined security program and associated documentation, required minimum security controls, and certification and attestation letters from independent auditors.
- Conduct a full, manual exploitation exercise mirroring a real-world supply chain attack against your organization. Lares has created a unique service to replicate the connection and integration into your organization’s supply chain, in order to identify vulnerabilities in its exposure.
Contact Lares today to learn how our supply chain testing capabilities and security advisory services can help your organization identify exposures and threats before a loss can occur.