As the number of high profile breaches that originate with third party vulnerabilities increases, companies should look to solutions that give real-time visibility.
Recent research undertaken by the Ponemon Institute suggests that nearly half of organisations (44 percent) experienced a security breach within the last year. More disturbing is that three-quarters (74 percent) said that the breach had occurred because of access to their infrastructure and data that had been given to third parties.
The 2020 SolarWinds supply chain attack exposed the data of hundreds of companies and their customers, including high-profile public and private organisations. In early 2021, Accellion’s legacy File Transfer Application server was hacked, again laying bare hundreds of high-profile customers’ data and sensitive details, and most recently the hack on US software provider Kaseya has impacted thousands of companies around the world. JP Morgan, which had spent $250 million on security annually since 2014, was hacked through Simmco Data Systems, a third-party supplier.
The last example highlights a key point. No matter how much a company spends on its own security, no matter how sophisticated its solutions and policies, unless it has a clear understanding and view of how vulnerable its supply chain and partners are to hacks, it will never be fully secure.
That is why many companies are turning to automated solutions that provide a real-time view of the vulnerabilities within the supply chain. This allows organisations to make decisions about who to partner with, to implement policy and codes that ensure that they do not work with companies with lax security, and to ensure that they are secure across the board.
How Northdoor is helping our clients combat third party cyber risk
Amongst many other companies, we have been working with The Salvation Army to implement RiskXchange, a simple, automated and centralised risk-management solution. The solution has enabled The Salvation Army to manage its own cyber risk score as well as ensuring that its suppliers and third-party partners can meet GDPR requirements.
RiskXchange delivered both a low-friction user experience for new suppliers and ease of use for The Salvation Army’s security teams, as well as providing real-time cyber risk management information for their broader management teams.
Before implementation of the solution, The Salvation Army could only look at the first link in its supply chain, even with a team of auditors examining every detail of its suppliers’ systems and policies. RiskXchange has enabled the team to gain automated visibility into the complex web of risk across its supply chain, which has been particularly important with the GDPR.
Having such visibility means that you have real insight into potentially hugely damaging third party vulnerabilities that would otherwise let cyber-criminals in through the back door. This means The Salvation Army can be more secure than ever, as well as adhering to GDPR.
Our success with The Salvation Army is reflected in our recent nomination for Best Security Solution of the Year in the European IT Excellence Awards 2021.
Equally, our work for Rail Delivery Group (RDG) has proved the real value of acknowledging the importance of securing your supply chain. RDG represents UK passenger and freight rail companies, Network Rail and High Speed 2, and is responsible for a host of shared services, including the allocation and settlement of ticket revenue, discounted travel schemes and third-party ticket sellers. This means that it holds a vast amount of data that represents a hugely tempting target for cyber-criminals.
We helped RDG implement the RiskXchange solution, completed a review of security strategy and deployed security support services. This means that RDG now has enterprise-level protection for critical revenue and operational systems and established governance and compliance processes for cyber security. There is a reduced business risk of service disruption and data breach along with embedded best-practice cyber security for future operations.
Providing visibility of third party vulnerabilities with RiskXchange
Giving companies a 360-degree insight into potential risk and vulnerabilities is crucial in securing data and infrastructure. This was certainly the case when we started working with Pret A Manger. The company was aware that it did not have a good grasp of how its partners were handling the sensitive data it shares with them. By implementing our RiskXchange solution, the Pret A Manger team now has a real-time view that helps ensure the company maintains a strong security posture.
The solution has also made risk assessments of new suppliers twice as fast, meaning that any vulnerabilities are quickly identified, and it continually monitors existing suppliers to ensure that the ‘back door’ remains firmly closed.
The threat of increasingly sophisticated cyber-criminals targeting companies of all sizes is not going away. Criminals will always look for the weakest or easiest way in and all too often this is through third parties and the extended supply chain. Securing these vulnerabilities to the same degree you secure your own defences is the only way to remain fully protected.