Many firms are working with risky third party vendors
Despite having well-defended digital premises and endpoints (opens in new tab), many firms are at risk of cyberattacks because they work with different vendors and third parties that aren’t as secure.
This is according to a new report from cybersecurity ratings firm SecurityScorecard, which analyzed more than 235,000 organizations worldwide, as well as 73,000 vendors and products they use, to find that virtually all firms (98%) have vendor relationships with at least one third party that suffered a data breach in the last two years.
What’s more, half of the organizations have indirect relationships (as in used by the third-party vendors) with at least 200 companies that suffered a cyberattack in the last two years.
F for security
For every third-party vendor in a supply chain, businesses usually have indirect relationships with 60 to 90 times that number of fourth-party relationships, the researchers have found. With third parties being up to five times more likely to exhibit poor security, the risk quickly compounds.
Roughly a tenth (10%) of all third parties analyzed for the report were rated F for security.
Looking at different industries, the information services sector has an average of 25 vendors, while the finance sector has 6.5 on average. Healthcare averaged 15.5 vendors, while insurance has 11. Each one poses a significant risk to the original organization.
Cybercriminals seem to be well aware of these facts, as supply chain attacks became one of the most devastating forms of cybercrime lately. The SolarWinds attack, in which just one company had its software compromised, and which resulted in tens of thousands of organizations worldwide being affected, is probably the best example.
“An organization’s attack surface spans beyond just the technology that they own or control, ” said Aleksandr Yampolskiy, co-founder and CEO of SecurityScorecard.
“Organizations need visibility into the security ratings of their entire third and fourth party ecosystem so that they can know in an instant whether an organization deserves their trust and can take proactive steps to mitigate risk.”
Audio player loading… Despite having well-defended digital premises and endpoints (opens in new tab), many firms are at risk of cyberattacks because they work with different vendors and third parties that aren’t as secure. This is according to a new report from cybersecurity ratings firm SecurityScorecard, which analyzed more than…
Recent Posts
- Over 400 million Google accounts have used passkeys but our passwordless future remains elusive
- VMware by Broadcom makes more concessions to cloud service provider community and customers
- Thinking About Buying a Hybrid Car? Listen Up
- The Morning After: Microsoft’s OpenAI partnership was born from Google AI envy
- Even YouTube’s pause screen won’t be safe from smart TV ads soon, as Google hints it’ll follow Hulu, Max and Peacock soon
Archives
- May 2024
- April 2024
- March 2024
- February 2024
- January 2024
- December 2023
- November 2023
- October 2023
- September 2023
- August 2023
- July 2023
- June 2023
- May 2023
- April 2023
- March 2023
- February 2023
- January 2023
- December 2022
- November 2022
- October 2022
- September 2022
- August 2022
- July 2022
- June 2022
- May 2022
- April 2022
- March 2022
- February 2022
- January 2022
- December 2021
- November 2021
- October 2021
- September 2021
- August 2021
- July 2021
- June 2021
- May 2021
- April 2021
- March 2021
- February 2021
- January 2021
- December 2020
- November 2020
- October 2020
- September 2020
- August 2020
- July 2020
- June 2020
- May 2020
- April 2020
- March 2020
- February 2020
- January 2020
- December 2019
- November 2019
- December 2011