Risk Ledger, a London-based cybersecurity company that is part of the UK Government's LORCA program, has produced a white paper designed to guide professionals who manage supply chain risks on how to tackle the situation. Over 60 percent of security breaches originate in an organization's supply chain, such as third-party app developers or payment processors, says the report. This supply chain breach of Lockheed Martin, Tesla, Space X and Boeing is just the tip of the iceberg, according to Risk Ledger.
While conducting research for the white paper, Risk Ledger found that extraordinary pressure is being put on IT and security teams to secure remote working infrastructure and other crisis measures.
Haydn Brooks, Founder and CEO of Risk Ledger, said, "We see many companies, particularly medium-sized service providers in the supply chains of large enterprises, struggling to maintain good security controls at the same time as we see cyber criminals stepping up their attacks to take advantage of the COVID-19 chaos. It is a dangerous situation."
Many companies, notes the white paper, have had to build and configure new systems overnight, including the setup of VPNs and multi-factor authentication, to allow teams to connect with corporate networks and applications using devices at home. This has increased the attack surface of most organizations. The combination of these two forces - the increasing rate of successful cyberattacks and the increased attack surface of most organizations - will lead to an increase in the number of successful data breaches over the next few months, says Risk Ledger. Data suggests that small and medium-sized enterprises will be hit the hardest by this wave of attacks due to lower security budgets, but larger organizations with established security teams will also feel the impact of this through their supply chains, adds the company.
As the economic impacts cause the pace of procurement to slow, an opportunity arises for procurement and security teams to review their supplier assurance and due diligence processes, says the white paper. It gives security teams downtime to catch up on the backlog of suppliers whose security controls they have been unable to review in a meaningful way. According to Risk Ledger, there are four key things that an organization’s procurement and information security teams need to do to give their organization visibility of the risk and to begin to mitigate it.
- Know who your suppliers are.
- Run a risk assurance program.
- Brief the board.
- Form a crisis team to effectively react to supply chain incidents and develop an incident response plan for critical suppliers.
Organizations need to have a good understanding of the security and financial posture of their supply chains, and this need is only amplified during the COVID-19 crisis and associated financial uncertainty, says Risk Ledger.
Those who don’t take action are exposing themselves to serious and potentially existential risks, notes the white paper, such as considerable financial repercussions and long-term reputational damage if they suffer a breach.
For more detailed findings and recommendations, please visit https://riskledger.com/downloads/covid19/#utm_source=pr&utm_medium=press&utm_campaign=COVID-19-wp