The Dark Side of Outsourcing: How to Stop the Wave of Supply Chain Attacks
Check out all the Smart Security Summit on-demand sessions here.
It's an increasingly familiar scenario. A reputable company offering a popular online service reveals that it has suffered a data breach. Cyber attackers have stolen customer names, phone numbers and credit card data, and little can be done to rectify the situation.
Leading companies such as DoorDash, Plex, and LastPass have all recently been victims of third-party supply chain attacks, but they're certainly not alone. According to “Treading Water: The State of Cybersecurity and Third-Party Remote Access Risk” – a report of more than 600 US security professionals across five industries published by the Poneman Institute – third-party attacks have increased from 44% to 49% since last year.
The actual number of attacks is likely higher, as only 39% of respondents said they were confident that a third-party associate would notify them of a breach. To stop the tide of such attacks, we need to take a close look at the market conditions and cultural factors driving these trends and why so many companies fail to implement modern solutions to meet the challenge. /p>
So what's behind this increase in supply chain attacks? In two words: cultural change. Many industries that previously operated offline are maturing into the digital age with the help of SaaS and cloud technologies, a trend that has accelerated due to the pandemic and shift to remote working. As companies rush to modernize their systems, malicious attackers see perfect targets.
EventOn-Demand Smart Security Summit
Learn about the essential role of AI and ML in cybersecurity and industry-specific case studies. Watch the on-demand sessions today.
look hereAdd to that another market trend: outsourcing. About 20 years ago, it was unheard of for organizations to outsource control of a core business, but as industries undergo digital transformation and simultaneously face labor shortages, in part thanks to the great resignation, it is much more common to rely on third-party vendors and service providers.
While initiatives to leverage third parties for greater efficiency and speed and leverage cloud technology to deliver compelling new value to the market are not in themselves bad decisions or developments, it does mean that the attack surface for malicious hackers is almost exponentially expanding.
Today, IT professionals responsible for fixing third-party vulnerabilities are under pressure. Companies improvise with varying degrees of success, sometimes creating more vulnerabilities while trying to fix others. Despite good intentions, most organizations have made no progress in third-party security in recent years, and they are paying a heavy price.
Cybersecurity breaches leave huge financial hole: more than $9 million to repair damage, according to Poneman report. Most companies are asleep at the wheel when it comes to third party supply chain threats.
Hope Is Not Strategy: Failing to Respond to Third-Party Security ThreatsIT departments need to implement more complex security strategies to deal with third-party threats, but many companies haven't invested in the tools or people needed to secure remote access and third-party identities .
According to the Poneman study, more than half of organizations spend up to 20% of their budget on cybersecurity, but 35% still...
Check out all the Smart Security Summit on-demand sessions here.
It's an increasingly familiar scenario. A reputable company offering a popular online service reveals that it has suffered a data breach. Cyber attackers have stolen customer names, phone numbers and credit card data, and little can be done to rectify the situation.
Leading companies such as DoorDash, Plex, and LastPass have all recently been victims of third-party supply chain attacks, but they're certainly not alone. According to “Treading Water: The State of Cybersecurity and Third-Party Remote Access Risk” – a report of more than 600 US security professionals across five industries published by the Poneman Institute – third-party attacks have increased from 44% to 49% since last year.
The actual number of attacks is likely higher, as only 39% of respondents said they were confident that a third-party associate would notify them of a breach. To stop the tide of such attacks, we need to take a close look at the market conditions and cultural factors driving these trends and why so many companies fail to implement modern solutions to meet the challenge. /p>
So what's behind this increase in supply chain attacks? In two words: cultural change. Many industries that previously operated offline are maturing into the digital age with the help of SaaS and cloud technologies, a trend that has accelerated due to the pandemic and shift to remote working. As companies rush to modernize their systems, malicious attackers see perfect targets.
EventOn-Demand Smart Security Summit
Learn about the essential role of AI and ML in cybersecurity and industry-specific case studies. Watch the on-demand sessions today.
look hereAdd to that another market trend: outsourcing. About 20 years ago, it was unheard of for organizations to outsource control of a core business, but as industries undergo digital transformation and simultaneously face labor shortages, in part thanks to the great resignation, it is much more common to rely on third-party vendors and service providers.
While initiatives to leverage third parties for greater efficiency and speed and leverage cloud technology to deliver compelling new value to the market are not in themselves bad decisions or developments, it does mean that the attack surface for malicious hackers is almost exponentially expanding.
Today, IT professionals responsible for fixing third-party vulnerabilities are under pressure. Companies improvise with varying degrees of success, sometimes creating more vulnerabilities while trying to fix others. Despite good intentions, most organizations have made no progress in third-party security in recent years, and they are paying a heavy price.
Cybersecurity breaches leave huge financial hole: more than $9 million to repair damage, according to Poneman report. Most companies are asleep at the wheel when it comes to third party supply chain threats.
Hope Is Not Strategy: Failing to Respond to Third-Party Security ThreatsIT departments need to implement more complex security strategies to deal with third-party threats, but many companies haven't invested in the tools or people needed to secure remote access and third-party identities .
According to the Poneman study, more than half of organizations spend up to 20% of their budget on cybersecurity, but 35% still...
What's Your Reaction?
![Three of ID's top PR executives quit ad firm Powerhouse [EXCLUSIVE]](https://variety.com/wp-content/uploads/2023/02/ID-PR-Logo.jpg?#){kind=logo}
