According to two new reports published by Hiscox and Accenture, two-thirds of businesses are vulnerable to or experienced cyber security incidents via their supply chains.
With the Hiscox report showing that 65% of the firms surveyed had experienced one or more cyber-attacks as a result of a weak link in their supply chain in the past 12-months, it is clear that supply chain risk is a growing problem.
The Accenture report backs this by showing that globally, only 29% of businesses know the cybersecurity posture of their partners. 56% said that they rely on trust alone.
The data also shows that even sectors that require tougher regulations such as the financial services industry are not doing enough. 57% of respondents in the banking sector said they simply ‘trust’ their supply chain partners to be cyber secure.
The number of cyber-attacks via supply chains is on the rise for two main reasons.
Number one is that such attacks allow cybercriminals to target more than one company at a time creating a better return on investment.
Secondly, supply chain attacks can often remain undetected by perimeter defences as they often launched from a system already inside the defences and that are trusted by default. As seen with the recent Asus attack, such attacks can be launched through software updates without arousing suspicion.
The reports also demonstrate that the size of a business doesn’t matter when it comes to being targeted by cybercriminals.
One of the main cybersecurity myths is that smaller businesses often think themselves safe due to their small size. The data showed that the number of small firms being attacked by cyber criminals increased to 59%.
The report also showed that the average losses from cyber-attacks rose from $229,000 to $369,000, an increase of 61%. The data also showed that the number of cyber-attacks increased from the 45% recorded in 2018 to 61% so far in 2019.
Organisations of all sizes can take control of their cybersecurity by using the award-winning CyberScore™. CyberScore™ is an automated testing service that allows you to take control of your cybersecurity by detecting vulnerabilities and providing you with empirical evidence and Get-Well plans. The score itself also allows you to clearly demonstrate to the board simply where your organisation currently stands in terms of its cyber risk rating and security posture.
XQ Cyber also offers a range of incident response and consultancy services such as Penetration Testing, Cyber Posture Assessments and Incident Response preparedness and testing.
For Further Reading –