As supply chain vendors become a greater target, the businesses reliant upon them don’t seem to be responding with the appropriate urgency, according to new data.
The Insight Space: Supply Chain Risk report from global cyber and software resilience vendor NCC Group focuses on the growing problem of attacks on the supply chain and on how the organizations that rely on those suppliers are addressing the risk themselves. The numbers don’t paint a confident picture, given the massive 51% growth in attacks in the last six months:
- 49% of organizations said that they do not stipulate security standards that their suppliers must adhere to as part of their contracts
- 34% said that they do not regularly monitor and risk assess their suppliers’ cyber security strategy
- Only 32% of organizations are “very confident” that they could respond quickly and effectively to a supply chain attack
NCC Group recommends a multi-faceted strategy to prevent supply chain attacks that includes:
- Discovery to identify supply chain risk
- Supplier assurance policy, processes, and controls
- Isolation and segmentation of systems, networks, and data
- Timely detection of supply chain attacks across your networks, systems, and applications
- Development and regular testing of appropriate incident response play and run books, based on up-to-date real-world scenarios
Many supply chain attacks can leverage the interaction between employees in your organization and your suppliers. Impersonation can play a powerful role in gaining access to a supplier’s customers, making it critical to include Security Awareness Training for your organization’s employees as a part of the strategy. Those who undergo training will learn how impersonation can be used and that each employee must maintain a state of vigilance, even when receiving communications that look normal, to ensure the organization does not fall prey to an attack.