Cyber Risk and Vendor Security Management

The digital supply chain has brought new efficiencies and strengthened connectivity among partners. For companies to remain competitive today, engaging in the digital supply chain simply cannot be avoided.

However, the digital supply chain also has brought an array of fresh challenges, including a heightened risk for cyberattacks. A major part of the problem is an expanded “attack surface” that includes a company‚Äôs partners in the supply chain, said Michelle Drolet, CEO of Towerwall, “exposing the organization to a multitude of cyber risks such as attacks and breaches, wide-scale disruption, stolen credential, loss of reputation and other legal, financial and compliance risks.”

“As cybersecurity defenses of enterprises mature, attackers are shifting their attacks to third-parties as they may not have the same level of cybersecurity maturity as that of the parent organization,” Drolet said.

Doreen Gonzalez-Gaboyan, president and founder of Industry Workforce Solutions, said the supply chain is the No. 1 source of cyber risk for most corporations, citing data that as many as 70% of cyberattacks come through a third party. Sachin Khalap, head of the Governance, Risk, Compliance and Data Privacy Centre of Excellence, TCS Cybersecurity, said that cyber risks rise exponentially as more companies participate in the digital supply chain.

“The companies are geographically spread, and have their own disparate systems, vendors and policies,” Khalap said. “Connecting them together makes a compounding effect to the risk.”

As Tom Martucci, chief technology officer, Consolidated Intermodal Technologies, pointed out, “We are all only as secure as the weakest link in the supply chain. . .”

Read the full feature story in MHI Solutions magazine.