"Almost all Organizations are Working with Recently Breached Vendors"

With the rise of supply chain attacks, the security of suppliers, clients, and business partners is under increased scrutiny. This led security rating provider SecurityScorecard and the Cyentia Institute to investigate organizations' worldwide vendor risk exposure in a new study. The researchers found that 98.3% of organizations worldwide work closely with at least one third-party vendor that has been breached in the last two years, and that over 50% of them have an indirect relationship with 200 fourth-party vendors (a third-party vendor's partners or suppliers) that have been breached in the last two years. The researchers noted that this high degree of exposure to supply chain breaches comes from several factors. First, organizations rely on a large number of third and fourth parties. On average, a business maintains a relationship with 10 third-party vendors, 15.5 in the healthcare sector and 25 in the information services industry. Further, for every third-party vendor in their supply chain, organizations typically have indirect relationships with 60 to 90 times that number of fourth parties. The researchers also found that third-party vendors fare significantly worse in terms of security than primary organizations. For instance, according to SecurityScorecard's rating system, "twice the proportion of primary organizations achieves the highest security rating of A, while third parties are nearly five times more likely to receive an F on their scorecard." Moreover, the researchers found that organizations with a poor security posture and lower security scores have twice the number of third-party vendors and 10 times the number of fourth parties, thus multiplying the risks. To reduce their exposure to these risks, the researchers stated that organizations should be more aware of what they and their partners have installed and whether it is updated regularly and patched when needed.


Infosecurity reports: "Almost all Organizations are Working with Recently Breached Vendors"