Three Key Steps To Securing The Supply Chain

99% of Global 2000 companies have been linked to a supply chain breach, according to SecurityScorecard and The Cyentia Institute.


The interconnected nature of modern business means that a vulnerability in one part of the supply chain can have far-reaching consequences, potentially impacting the entire ecosystem. Massive third-party incidents like Change Healthcare, MOVEit, and SolarWinds underscore the critical need for robust supply chain cybersecurity.

New research from SecurityScorecard and The Cyentia Institute found that 99% of Global 2000 companies are directly connected to vendors that have had recent supply chain breaches. Prompted by new SEC cybersecurity requirements demanding transparency around third-party breaches, the report highlights the escalating risk of multi-party supply chain attacks.

Key Findings
  • 99% of Global 2000 companies are directly connected to a breach.
  • 20% of these megacompanies use a thousand or more products.
  • Supply chain incidents cost 17X more to remediate and manage than first-party breaches.
  • The estimated total losses from Global 2000 breaches ranged between $20 billion and $80 billion over 15 months.
  • Global 2000 companies face significant concentrated risk due to their interdependence, with 90% acting as vendors to each other.
  • The top 8 most widely deployed vendors are used by at least 80% of Global 2000 companies, with 4 of the top 5 reporting a recent breach.

“While the Global 2000 boasts $51.7 trillion in revenue, their interconnectedness exposes them to severe cyber risks – with 99% directly connected to breached vendors and incidents that can tally into the tens of billions,” said Wade Baker, Partner and Co-founder at The Cyentia Institute.

Know Your Supply Chain

Whether caused by a malicious DDoS attack or a faulty patch update, the end result of a supply chain event is the same: Users are denied access to critical systems.

Knowing Your Supply Chain (KYSC) is becoming an increasingly important component of cyber resilience. Understanding the dependencies within your organization and those of your vendors is critical for responding to incidents effectively. Even the most reliable vendors and partners can experience issues.

Key steps to securing the supply chain include:

  1. Continuously monitor the external attack surface: Safeguard your IT ecosystem with continuous automated scanning. Identify and mitigate IT infrastructure and cybersecurity risks across vendor, agency, and partner environments.
  2. Identify single points of failure: Map the critical business processes and technologies to identify any single points of failure. Create a watch list with these vendors.
  3. Automatically detect new vendors: Passively monitor vendors’ IT deployments to identify and resolve hidden risk.

“The world is only beginning to grasp the potential for chaos caused by concentration risk. Understanding and managing your supply chain is critical to protect business continuity. It’s not just about preventing disruptions; it’s about safeguarding the very foundation of our interconnected economy,” said Ryan Sherstobitoff, Senior Vice President of Threat Research and Intelligence.
