Risk Ledger survey of 2500+ suppliers reveals key supply chain cyber security weaknesses | News Direct

Risk Ledger survey of 2500+ suppliers reveals key supply chain cyber security weaknesses 40% of third-party suppliers do not conduct regular penetration tests of internal systems and 32% do not have a supplier security policy.

News release by Risk Ledger

facebook icon linkedin icon twitter icon pinterest icon email icon London, UK | April 18, 2023 08:22 AM Eastern Daylight Time

Attackers are targeting under-resourced suppliers with weaker defences as a way of disrupting or compromising larger organisations. The notable ransomware attack on a supplier to semiconductor giant Applied Materials is expected to lead to $250m in lost sales. With well over 60% of organisations having suffered a data breach through a third party, this regularly results in regulatory fines, huge data recovery costs and loss of consumer trust.

Spotlighting the key security weaknesses in the supply chain ecosystem, cyber security business Risk Ledger is publishing its ‘State of Cyber Security in the Supply Chain 2023’ report on Tuesday, 18th April. The report is based on proprietary data from over 2,500 suppliers that have shared information on their risk posture against over 200 cyber security controls with their customers on the Risk Ledger platform. Based on its findings, it draws attention to the 12 most common weaknesses among suppliers and offers practical recommendations by cyber security experts for improving organisations’ third-party risk management strategies.

Some of the major findings revealed in this report include:

17% do not enforce multi-factor authentication (MFA) on all remotely accessible services. MFA is the simplest, most effective way to keep hackers out of your online accounts. However, whilst MFA is simple to implement, it does increase friction for the user and is therefore often provided as an optional setting which needs to be intentionally configured. This often leaves MFA disabled and the accounts vulnerable to unauthorised access through password theft.

23% do not use Privileged Access Management controls to securely manage the use of privileged accounts. Highly privileged accounts are the ultimate target for attackers. With high privileges, an attacker will be able to access more sensitive (and more valuable) data, and modify security detection tools to cover their own tracks.

20% do not use a password manager. People are terrible at remembering passwords, which means employees create insecure passwords like qwerty123. This is not their fault! Businesses need to provide a practical alternative.

All three of these weaknesses are common causes of cyber security incidents and a high proportion of third, fourth and fifth party suppliers are not using controls to protect themselves or their customers in these areas.

The perhaps biggest problem associated with supply chain cyber attacks is the almost total lack of visibility into the prevailing weaknesses among suppliers. There is a wealth of existing data on the tools hackers use to target companies, and on the effects of such attacks, allowing cyber security professionals to put specific defences in place. There has been a total lack of visibility, however, into the main weaknesses in security postures of suppliers that allow these attacks to be successful in the first place. Risk Ledger’s new report gives this unique insight.

Risk Ledger's CEO, Haydn Brooks
Risk Ledger's CEO, Haydn Brooks

Risk Ledger’s CEO, Haydn Brooks commented: “Companies rarely run security assurance against more than 10% of their immediate third-party suppliers, while visibility into the risks existing further down the chain remains almost non-existent. To improve this situation, better data and insights into the most prevalent weaknesses in the wider supplier ecosystem are needed, so that remedial efforts can become more focussed. This is the purpose of our report. We want to share the insights we have obtained from suppliers on the Risk Ledger platform with the wider security community, allowing them to use our findings to benchmark their own suppliers against their peers.”

Risk Ledger’s “The State of Cyber Security in the Supply Chain: Data Insights Report 2023” will be available for download on Risk Ledger’s website from Tuesday, 18th April.

 

About Risk Ledger

Risk Ledger is an award-winning cyber security start-up that was founded in 2018 by Haydn Brooks and Daniel Saul with a mission to shift the way organisations approach cyber security in the supply chain. Built on the idea of a social network, organisations using Risk Ledger can connect with and continuously monitor their suppliers' risk controls, including security, financial and ESG, and work together through the Risk Ledger platform to remediate any risks. Risk Ledger's client base includes organisations like BAE AI, City of London Police, Telenor, Scottish Rail, the UK Health Security Agency, among many others.

 

Contact Details

 

Risk Ledger

 

Bilal Mahmood

 

+44 7714 007257

 

b.mahmood@stockwoodstrategy.com

 

Company Website

 

https://riskledger.com/