Only a few global businesses have been completely monitoring the security of their external suppliers even though a majority of security leaders have expressed concern regarding the security of their supply chains, reports The Register.
Seventy-nine percent of organizations said that cybersecurity programs have been implemented by less than half of their third-party suppliers' dependents and dependencies, while 62% noted that their security protocols were attained by less than half of their third and nth-party suppliers, according to a SecurityScorecard report. Moreover, vendor onboarding and offboarding processes have been adopted by only 38% of organizations, while only 26% have been performing joint tabletop exercises with vendors. Such findings were deemed by SecurityScorecard to necessitate a "holistic" cybersecurity strategy to combat supply chain attacks. "While traditional third-party risk management had its place, it's time for leaders to move beyond prevention and toward resilience. The next wave of third-party cyber incidents won't wait for better processes," said SecurityScorecard.
Seventy-nine percent of organizations said that cybersecurity programs have been implemented by less than half of their third-party suppliers' dependents and dependencies, while 62% noted that their security protocols were attained by less than half of their third and nth-party suppliers, according to a SecurityScorecard report. Moreover, vendor onboarding and offboarding processes have been adopted by only 38% of organizations, while only 26% have been performing joint tabletop exercises with vendors. Such findings were deemed by SecurityScorecard to necessitate a "holistic" cybersecurity strategy to combat supply chain attacks. "While traditional third-party risk management had its place, it's time for leaders to move beyond prevention and toward resilience. The next wave of third-party cyber incidents won't wait for better processes," said SecurityScorecard.
