Secure Your Clients Against Third Party/Supply Chain Risk Fast
CISA has declared April National Supply Chain Integrity Month. But you don’t have to be a US-based business to benefit from this helpful reminder! No business is an island and third-party/supply chain risk is snowballing for every organization. As a flood of records stolen in data breaches continues to fuel cybercrime from the dark web, your clients are at an increased risk for BEC, ransomware, spear phishing, impersonation scams and so much more. this problem isn’t going away anytime soon. In fact, expect it to continue getting worse. You’ll want to review your clients’ security posture against third-party and supply chain risk today(TPR/SCR) – and we’re here to help you address vulnerabilities fast!
Almost Every Business Experienced a TPR/SCR Risk in 2020
In an increasingly interconnected world, companies are more intertwined than ever before. MasterCard’s Risk Recon unit reported on the proliferation of risk factors that businesses face today in The State of Third-Party Risk. Their survey respondents said that when it came to the necessity of checking vendors for cybersecurity risks, one-third assessed fewer than 25 vendors annually, another third checked between 25 and 100 and the last third dealt with more than 100 vendors. About 5% of respondents were in charge of assessing more than 750 third per year! Even a highly reputable major vendor like Microsoft could saddle businesses with an unexpected vulnerability.
Just because they’ve reached out to assess cybersecurity procedures and policies at a potential third party or supply chain connection, that doesn’t mean that the connection is safe. While 81% of respondents claimed that 3/4 of their vendors pass their security questionnaires, only 14% of those surveyed trust those responses. 31% of respondents stated that they have vendors they considered to be a material risk in the event of a data breach. That tracks with other industry data indicating that an astonishing 98% of monitored organizationsclocked a threat from a supplier domain in 2020.
Don’t miss these bad password lists & good password tips. DOWNLOAD IT>>
More Dark Web Data = More TPR/SCR
Why are organizations facing more relationship risk than ever before? An enormous amount of data hit the dark web last year, including an estimated 22 million new records. Experts already estimated that 65% of the information on the dark web at the start of 2020 could harm businesses. Those new records and other scraped or stolen information provide abundant fresh fuel for cybercrime, increasing everyone’s risk. Threats from suppliers’ jacked domains are also a huge problem. Cybercriminals piggybacking on legitimate business domains has increased risk in every sector. About 74% of those threats are phishing attempts or impostor schemes, and almost 30% were malware-related.
Newly ascendant supply chain and third-party risks have had a profound impact on business security. When looking at the fallout, another survey reported that 80% of respondents had suffered at least one breach via the supply chain, a majority had suffered at least two breaches and one in ten had suffered more than six. The manufacturing sector was especially beleaguered, with 57% of survey respondents saying they have suffered breaches related to supply chain exposure in the past 12 months. Visibility is a major concern – 29% of the executives said they had no way of knowing if a risk was spawned at a vendor until it became a cyberattack on their business.
Mitigating This Risk Isn’t Impossible
TPR/SCR may be growing, but there’s no reason why your clients can’t gain some peace of mind against it when you guide them into taking a few practical, affordable steps to minimize their exposure and keep their data safe. The best part is that not only will these moves protect them from TPR/SCR, they’ll also gain additional protection against other cyberattacks that they might be faced with, increasing their overall cyber resilience.
This huge pitfall is one of the top ways that companies gain risk exposure through the supply chain because password reuse is endemic and at least 65% of people reuse passwords across the board, including for business or enterprise accounts. But two solutions are strong defenders in the fight against password compromise risk from these sources.
- Multifactor authentication stops 99% of password-based cybercrime including an employee’s often-recycled password, and it’s just one of the many tools that boost security through Passly.
- Dark web monitoring with Dark Web ID gives IT teams crucial time to respond if a company’s passwords hit dark web markets or dumps no matter where they’re snatched from enabling companies to react before the bad guys do.
Spear Phishing & Ransomware
Exponential growth in phishing risk has put every business solidly in cybercriminal sights. Bad actors are using the data gleaned from breaches at service providers, manufacturers, wholesale suppliers, transportation companies, business services firms and more to mount phishing-based cyberattacks on companies in every industry.
- Reduce the chance of a phishing attack from harming a business by up to 70% with security awareness and phishing resistance training through BullPhish ID
- Repeat that training at least quarterly using preloaded phishing simulation kits or customize the content to reflect industry-specific dangers including attachments and URLs
Securing your clients against the escalating risk that comes from third parties or the supply chain immediately is crucial – 72% of compliance leaders expect the number of TPR/SCR risk that companies face to increase in 2021. By acting now to take sensible precautions, you and your clients can feel confident that you’re insulated against this growing threat vector. Contact the experts at Bit by Bit to find the perfect combination of solutions to defeat this risk.