Supply Chain Breaches | Protect Your Business & Data – Technologist
In today’s interconnected business landscape, the world’s largest companies face near-universal exposure to supply chain breaches. The SecurityScorecard research summarised in this article finds that the vast majority of these companies rely on technology suppliers that have recently experienced cybersecurity incidents. This underscores the urgent need for robust supply chain management and cybersecurity practices to ensure operational resilience.
Who is at risk and why?
A staggering 1,980 of the world’s 2,000 largest companies* have direct connections to technology suppliers that have recently suffered cybersecurity incidents or data breaches. This finding, presented at the Black Hat security conference, means that 99% of the companies on Forbes’ Global 2000 list are exposed to multi-party supply chain attacks. Large UK companies such as AstraZeneca, BP, Diageo, HSBC and Vodafone are reportedly among those exposed.
What are the repercussions for companies without tight cyber security?
The financial repercussions of these breaches are immense, with losses potentially reaching $80 billion (roughly £62.5 billion) over the past 15 months. The study also found that 20% of Global 2000 companies use more than 1,000 IT products, each a potential entry point for attackers. As the report notes, the interconnected nature of these organisations amplifies the risk: the Global 2000 generate $51.7 trillion in revenue, which makes them attractive targets, and their interdependencies mean that a single supplier compromise can reach many of them at once.
The Impact of Cyber Incidents on Organisations
Recent incidents, such as the 2023 mass exploitation of Progress Software’s MOVEit Transfer product and the July 2024 CrowdStrike outage, have highlighted the fragility of global IT systems. The two cases differ in cause, one a vulnerability exploited for data theft and the other a faulty software update with no attacker involved, but both spread to thousands of organisations through a single widely deployed product, which is what concentration risk means in practice. SecurityScorecard compared the current state of global IT systems to a “precarious house perched on a cliff’s edge,” warning that similar incidents are likely to occur.
Adopting Know Your Supply Chain (KYSC) Principles
Given the escalating risks, companies must adopt Know Your Supply Chain (KYSC) principles as part of their business resilience strategies. Understanding the dependencies within an organisation is crucial for IT and security teams to respond effectively to incidents. Critical steps in a KYSC strategy include:
- Continuous External Attack Surface Monitoring: Automated, continuous scanning of the internet-facing assets of suppliers, agencies and partners to identify exposed services and weaknesses so they can be remediated before they are exploited.
- Identifying Single Points of Failure: Mapping critical business processes to the technologies and suppliers they depend on, so that any supplier whose outage or compromise would halt a process is visible, and collaborating with those suppliers to create a watchlist for enhanced attention.
- Monitoring Suppliers’ IT Deployments: Tracking which products and services suppliers themselves run, so that risks inherited from their own supply chains can be identified and resolved.
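As an added worked example (not from the article or from SecurityScorecard), the following Python sketches how the mapping step of a KYSC strategy can be made mechanical: a dependency map from critical business processes to IT products to suppliers, from which single points of failure (a product with only one supplier behind a critical process) and supplier concentration (one supplier behind many critical processes) are computed, then joined against an incident feed to rank a watchlist. All process, product, supplier and incident names below are constructed placeholders, not real vendor assessments.

```python
"""Minimal Know-Your-Supply-Chain dependency map (added example).

Processes depend on IT products; each product is provided by one or more
suppliers. From that map we derive single points of failure, supplier
concentration, and a ranked watchlist joined against an incident feed.
"""
from collections import defaultdict

# Constructed sample data: process -> list of (product, supplier).
# A product listed twice for one process has a fallback supplier.
DEPENDENCIES = {
    "payments":        [("secure-transfer", "TransferCo"), ("edr-agent", "EndpointCo")],
    "payroll":         [("hr-suite", "PayrollCo"), ("edr-agent", "EndpointCo")],
    "customer-portal": [("cdn", "EdgeCo"), ("cdn", "AltEdgeCo"), ("edr-agent", "EndpointCo")],
    "reporting":       [("bi-tool", "ChartsCo")],
}

# Processes whose outage stops the business (constructed).
CRITICAL = {"payments", "payroll", "customer-portal"}

# Constructed incident feed: supplier -> what happened to them recently.
INCIDENTS = {
    "TransferCo": "zero-day in managed file transfer used for data theft (constructed)",
    "EndpointCo": "faulty agent update caused a mass outage (constructed)",
}


def product_suppliers(deps):
    """Map (process, product) -> set of suppliers that can provide it."""
    out = defaultdict(set)
    for process, items in deps.items():
        for product, supplier in items:
            out[(process, product)].add(supplier)
    return out


def single_points_of_failure(deps, critical):
    """(process, product) pairs in critical processes with exactly one supplier.

    A product with a fallback supplier (e.g. two CDNs) is not a SPOF.
    """
    spofs = {}
    for (process, product), sups in product_suppliers(deps).items():
        if process in critical and len(sups) == 1:
            spofs[(process, product)] = next(iter(sups))
    return spofs


def supplier_concentration(deps, critical):
    """Supplier -> number of distinct critical processes that depend on it."""
    processes = defaultdict(set)
    for process, items in deps.items():
        if process not in critical:
            continue
        for _, supplier in items:
            processes[supplier].add(process)
    return {s: len(p) for s, p in processes.items()}


def build_watchlist(deps, critical, incidents):
    """Suppliers needing enhanced attention, ranked by blast radius.

    Score (a simple heuristic, not a standard): critical processes exposed
    + products for which the supplier is the sole provider (no fallback)
    + 1 if the supplier appears in the incident feed.
    """
    spofs = single_points_of_failure(deps, critical)
    concentration = supplier_concentration(deps, critical)
    rows = []
    for supplier, exposed in concentration.items():
        sole = sum(1 for s in spofs.values() if s == supplier)
        incident = incidents.get(supplier)
        rows.append({
            "supplier": supplier,
            "critical_processes": exposed,
            "sole_provider_for": sole,
            "incident": incident,
            "score": exposed + sole + (1 if incident else 0),
        })
    rows.sort(key=lambda r: (-r["score"], r["supplier"]))
    return rows


if __name__ == "__main__":
    for row in build_watchlist(DEPENDENCIES, CRITICAL, INCIDENTS):
        print(row)
```

In this constructed data the endpoint agent vendor tops the list: it sits under all three critical processes with no fallback and already has an incident, which is exactly the concentration pattern the article describes. In practice the dependency map would be populated from a CMDB, procurement records or SBOM data rather than typed in, and the incident feed from a threat-intelligence or vendor-risk service, but the joins and the SPOF check stay the same.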
What are the next steps?
The near-universal risk of supply chain breaches among the world’s largest companies highlights the critical need for comprehensive supply chain awareness and cyber security management. By adopting KYSC principles and implementing tight cybersecurity measures, companies can safeguard their operations and contribute to the stability of the global economy. Understanding and managing supply chain risks is about preventing disruptions and protecting the foundational elements of our interconnected business environment.
*Source: SecurityScorecard