- Supply chain attacks are becoming more frequent and more dangerous
- Many security teams are concerned about the risks
- 70% of companies have experienced one or more attacks in the past year
A new SecurityScorecard survey reveals that cybersecurity leaders face serious supply chain and third-party risks. The survey stresses that CISOs and security professionals around the world find it difficult to keep up with the pace at which threats are expanding.
The software supply chain has become a worrying weak link for companies of all sizes. Small software suppliers are difficult to assess and often lack the cybersecurity capabilities that large organizations can afford, and cybercriminals choose small software companies as an entry point to reach large companies.
A striking 88% of respondents were either “very concerned” or “somewhat concerned” about supply chain cybersecurity risk, and with good reason: 70% say they have experienced one or more “third-party cybersecurity incidents”, with 5% reporting 10 or more in the past year.
Persistent threats
Recent research suggests that third-party involvement in threats has doubled from 15% to 30% in recent months, and growing dependence on digital technologies also means growing dependence on third-party software across all industries.
As such, organizations are responsible for maintaining strict cybersecurity practices to keep themselves safe. But not everyone is confident in their ability to do so: only 26% of organizations incorporate supply chain security into their cybersecurity programs, and most rely on “occasional assessments, provided by suppliers or cyber insurance”.
Cybersecurity can be overwhelming, even for companies with strong capabilities, and almost 40% of respondents said that data overload and problems prioritizing threats are their greatest challenge.
“Supply chain cyberattacks are no longer isolated incidents; they are a daily reality,” said Ryan Sherstobitoff, Head of Intelligence of Land Threats at SecurityScorecard.
“However, violations persist because third-party risk management remains largely passive, focused on assessments and compliance control lists rather than action. This obsolete approach fails to operationalize the information it brings together. Threats – integrated detection and response will not be integrated.”