ETFOptimize | High-performance ETF-based Investment Strategies

Quantitative strategies, Wall Street-caliber research, and insightful market analysis since 1998.
ETFOptimize | HOME
Close Window
Recent Quotes
My Watchlist
Indicators
Markets
Stocks
ETFs
Tools
Overview
News
Currencies
International
Treasuries

Risk Ledger survey of 2500+ suppliers reveals key supply chain cyber security weaknesses

By: News Direct

--News Direct--

Attackers are targeting under-resourced suppliers with weaker defences as a way of disrupting or compromising larger organisations. The notable ransomware attack on a supplier to semiconductor giant Applied Materials is expected to lead to $250m in lost sales. With well over 60% of organisations having suffered a data breach through a third party, this regularly results in regulatory fines, huge data recovery costs and loss of consumer trust.

Spotlighting the key security weaknesses in the supply chain ecosystem, cyber security business Risk Ledger is publishing its ‘State of Cyber Security in the Supply Chain 2023’ report on Tuesday, 18th April. The report is based on proprietary data from over 2,500 suppliers that have shared information on their risk posture against over 200 cyber security controls with their customers on the Risk Ledger platform. Based on its findings, it draws attention to the 12 most common weaknesses among suppliers and offers practical recommendations by cyber security experts for improving organisations’ third-party risk management strategies.

Some of the major findings revealed in this report include:

17% do not enforce multi-factor authentication (MFA) on all remotely accessible services. MFA is the simplest, most effective way to keep hackers out of your online accounts. However, whilst MFA is simple to implement, it does increase friction for the user and is therefore often provided as an optional setting which needs to be intentionally configured. This often leaves MFA disabled and the accounts vulnerable to unauthorised access through password theft.

23% do not use Privileged Access Management controls to securely manage the use of privileged accounts. Highly privileged accounts are the ultimate target for attackers. With high privileges, an attacker will be able to access more sensitive (and more valuable) data, and modify security detection tools to cover their own tracks.

20% do not use a password manager. People are terrible at remembering passwords, which means employees create insecure passwords like qwerty123. This is not their fault! Businesses need to provide a practical alternative.

All three of these weaknesses are common causes of cyber security incidents and a high proportion of third, fourth and fifth party suppliers are not using controls to protect themselves or their customers in these areas.

The perhaps biggest problem associated with supply chain cyber attacks is the almost total lack of visibility into the prevailing weaknesses among suppliers. There is a wealth of existing data on the tools hackers use to target companies, and on the effects of such attacks, allowing cyber security professionals to put specific defences in place. There has been a total lack of visibility, however, into the main weaknesses in security postures of suppliers that allow these attacks to be successful in the first place. Risk Ledger’s new report gives this unique insight.

Risk Ledger's CEO, Haydn Brooks

Risk Ledger’s CEO, Haydn Brooks commented: “Companies rarely run security assurance against more than 10% of their immediate third-party suppliers, while visibility into the risks existing further down the chain remains almost non-existent. To improve this situation, better data and insights into the most prevalent weaknesses in the wider supplier ecosystem are needed, so that remedial efforts can become more focussed. This is the purpose of our report. We want to share the insights we have obtained from suppliers on the Risk Ledger platform with the wider security community, allowing them to use our findings to benchmark their own suppliers against their peers.”

Risk Ledger’s “The State of Cyber Security in the Supply Chain: Data Insights Report 2023” will be available for download on Risk Ledger’s website from Tuesday, 18th April.

About Risk Ledger

Risk Ledger is an award-winning cyber security start-up that was founded in 2018 by Haydn Brooks and Daniel Saul with a mission to shift the way organisations approach cyber security in the supply chain. Built on the idea of a social network, organisations using Risk Ledger can connect with and continuously monitor their suppliers' risk controls, including security, financial and ESG, and work together through the Risk Ledger platform to remediate any risks. Risk Ledger's client base includes organisations like BAE AI, City of London Police, Telenor, Scottish Rail, the UK Health Security Agency, among many others.

Contact Details

Risk Ledger

Bilal Mahmood

+44 7714 007257

b.mahmood@stockwoodstrategy.com

Company Website

https://riskledger.com/

View source version on newsdirect.com: https://newsdirect.com/news/risk-ledger-survey-of-2500-suppliers-reveals-key-supply-chain-cyber-security-weaknesses-295490398

Data & News supplied by www.cloudquote.io
Stock quotes supplied by Barchart
Quotes delayed at least 20 minutes.
By accessing this page, you agree to the following
Privacy Policy and Terms and Conditions.


 
IntelligentValue Home
Close Window

DISCLAIMER

All content herein is issued solely for informational purposes and is not to be construed as an offer to sell or the solicitation of an offer to buy, nor should it be interpreted as a recommendation to buy, hold or sell (short or otherwise) any security.  All opinions, analyses, and information included herein are based on sources believed to be reliable, but no representation or warranty of any kind, expressed or implied, is made including but not limited to any representation or warranty concerning accuracy, completeness, correctness, timeliness or appropriateness. We undertake no obligation to update such opinions, analysis or information. You should independently verify all information contained on this website. Some information is based on analysis of past performance or hypothetical performance results, which have inherent limitations. We make no representation that any particular equity or strategy will or is likely to achieve profits or losses similar to those shown. Shareholders, employees, writers, contractors, and affiliates associated with ETFOptimize.com may have ownership positions in the securities that are mentioned. If you are not sure if ETFs, algorithmic investing, or a particular investment is right for you, you are urged to consult with a Registered Investment Advisor (RIA). Neither this website nor anyone associated with producing its content are Registered Investment Advisors, and no attempt is made herein to substitute for personalized, professional investment advice. Neither ETFOptimize.com, Global Alpha Investments, Inc., nor its employees, service providers, associates, or affiliates are responsible for any investment losses you may incur as a result of using the information provided herein. Remember that past investment returns may not be indicative of future returns.

Copyright © 1998-2017 ETFOptimize.com, a publication of Optimized Investments, Inc. All rights reserved.