Marsh found nearly 70% of respondents do not assess the suppliers and/or customers they trade with for cyber risk. 50% of respondents also stated their organisations have not been asked to demonstrate a competent standard of their IT security practices to their bank and/or customers to do business with them.
Stephen Wares, Marsh’s cyber risk practice leader in Europe, said more work needs to be done to consider cyber security as a business issue, as opposed to a technical problem.
“This is especially true for larger organisations, which attract highly motivated and sophisticated hackers that might identify smaller business partners that are typically less well protected as the ‘back door’ into their IT systems,” he said.
Organisations should include supply chain security as part of their strategy to reduce the risk of data breaches, an expert panel told attendees of Infosecurity Europe 2015 in London.
Information security weaknesses at suppliers have been responsible for several high-profile breaches in recent years, including malware-laced phishing emails sent via an air-conditioning supplier to US retailer Target in 2013.
Cited and more on this story at Computer Weekly
How do you assess the Security risk that your third party providers bring to your front door?
This ties in quite nicely with a recent published post Supply chain Risk: Defending Business Continuity & Improving Cyber Security
We had a webinar a few weeks ago on this subject; recording in link below:
Led by ZeroDayLab’s Managing Director, Kevin Roberts (left) and Pre-Sales Manager, Stuart Peck (right); the webinar was hot on the heels of the latest supplier breach suffered by TalkTalk, and looked at supply chains, breaches and how you can get better visibility and management over your risk..
The revelation of UK firms neglecting to adequately assess insider cyber threats rings alarm bells within the cybersecurity realm, highlighting a critical blind spot in safeguarding digital infrastructures. This concerning trend unveils a significant oversight within corporate cybersecurity strategies, where the focus on external threats often overshadows the potential risks posed by insiders. The failure to conduct comprehensive assessments of internal vulnerabilities exposes organizations to substantial risks, including data breaches, espionage, and sabotage orchestrated by employees or trusted entities. This revelation underscores the urgent need for a paradigm shift in cybersecurity protocols, urging companies to fortify defenses against both external and internal threats through robust monitoring, employee education, and proactive risk mitigation measures to safeguard sensitive assets effectively.
ReplyDeleteMotorcycle Accident Law Firm