This guest blog is authored by Edward Whittingham, Founder and MD of cybersecurity firm The Defence Works.
The Defence Works brings together hard-hitting insights, efficient practices and simple hacks to keep businesses safe and offers bite-sized cybersecurity awareness training through a range of interactive channels.
Supply-chain risk is fast becoming a prominent theme in cybersecurity.
As the cliché goes: a chain is only as strong as its weakest link – and this applies even more so when networked IT systems and shared data are involved.
According to the 2018 Ponemon Institute survey, breaches resulting from third-party security lapses are on the rise. Last year, 59% of organisations in the US and UK said one of their vendors or partners had caused a breach. Almost 75% said they believed such incidents were likely to happen again.
In my opinion, growing supply-chain complexity is to blame. On average, companies in the Ponemon survey said they shared confidential and sensitive information with 583 third parties over the course of last year.
This year, we’ve seen even more high-profile examples of the risks that supply chains pose.
In June 2019 alone, cybercriminals hacked the US Customs and Border Protection (CBP) agency through a sub-contractor, which held on its own IT systems photos taken of travellers and their cars as they moved across border crossings. And a billing provider for the US healthcare sector exposed the personal and financial information of just over 20 million people – possibly more.
June also saw police forces across the UK forced to cease all work with the country’s largest private forensics provider, after a ransomware attack destroyed or locked essential case data held on the company’s systems.
Exact details and the extent of damage to files and data weren’t revealed, but the company, Eurofins, processes more than 70,000 cases each year, including murder and terrorism offences. It carries out DNA analysis, ballistics, toxicology, and computer forensics. Police across the country have suspended all work with the company as a result; it is believed to account for more than half of all outsourced casework.
While there may have been a time when organisations would take on some of the responsibility for cybersecurity across their supply chains, tolerance for breaches is fading rapidly. Businesses are now being held to account by regulators and customers for the actions (or negligent inaction) of suppliers.
Study after study tells us that customers will abandon a brand after a significant breach. Consumers now judge your company on how reliably you protect personal data. It doesn’t matter if the breach happens on a supplier’s systems. If you’re the brand that contracts the supplier and gives it access to customer data, you are to blame.
Retail and finance organisations can suffer a lingering sales drop after a breach, with a third of consumers saying they will take their business elsewhere.
Privacy protection has become a significant focus for regulators.
Knowledge and awareness are crucial for protecting your business against cyber-incidents and mitigating the damage when they occur. Many businesses are already conducting audits of their supply chains and tracking how vendors access and use shared data.
To better prepare for the possibility of a supply-chain breach, vital steps for identifying vulnerabilities include:
Every contractor and subcontractor working with customer or proprietary data needs to take ownership of cybersecurity, and protect the sensitive information it stores, receives, or transmits.
Your systems need the latest technological defences. But as we see again and again, it’s not a matter of if your system will be breached – it’s a matter of when.
Supplement your cybersecurity investment by empowering your own people: placing employees on the lookout for cyber-attacks and the signs that a hacker is trying to breach corporate networks or personal devices.
Overall, viewing cyber-risks as a daily management challenge and enlisting those at the front line to help is one of the most effective ways to stay secure.