Report: Supplier cyber weaknesses impact big business

A recent report released by Risk Ledger, State of Cyber Security in the Supply Chain 2023, spotlights the key security weaknesses in the supply chain ecosystem. The report is based on proprietary data from more than 2,500 suppliers that have shared information on their risk posture against more than 200 cyber security controls with their customers. Suppliers surveyed were global including from United Kingdom (62%), the United States (20%) and other countries.

The report draws attention to 12 of the most common weaknesses among suppliers such as 51% do not have a 24/7 security or reception team at all physical premises.

Other key highlights include:

17% don’t enforce multi-factor authentication (MFA) on all remotely accessible services.
23% do not use Privileged Access Management controls to securely manage the use of privileged accounts.
20% do not use a password manager.

According to the report, these are just some of the weaknesses that are common causes of cybersecurity incidents and a high proportion of third, fourth and fifth party suppliers are not using controls to protect themselves or their customers in these areas.

ON DEMAND: Business-impacting events such as severe weather, man-made disasters, and supply chain disruption are increasing in frequency and making impacts around the globe.

In today's rapidly evolving security landscape, organizations face an ever-growing array of disruptive events, security threats and risks. Traditional reactive approaches to security intelligence often leave businesses vulnerable and ill-prepared to anticipate and mitigate emerging threats that could impact the safety of their people, facilities or operations.