For professionals in the logistics industry, the need to maintain a strong posture against cybersecurity risks should be obvious. However, there are often so many of these potential pitfalls that it's hard to recognize them, especially because many are all but hidden from view. That's particularly true given the sheer volume of supply chain partners with which they typically share data.
Indeed, 80% of supply chain businesses that were hit with at least one cybersecurity incident in the last year believe the incident originated with a third-party partner, according to a recent survey of industry executives from BlueVoyant. On average, those businesses experienced nearly three breaches in that 12-month period, and worryingly, 29% said they have no way to assess risk from their partners.
That should come as little surprise, however, as only 22.5% of those polled said they have the capability to monitor all aspects of their supply chain and almost 1 in 3 re-examine these risks twice per year or less, the survey showed. It's little wonder, then, that 4 in 5 executives polled say they are increasing their cybersecurity budgets.
"The fact that cyber risk management professionals are reporting difficulties across the board shows the complexity they face in trying to improve performance," said Jim Penrose, BlueVoyant's COO. "It is encouraging that budget is being committed to tackling the problem, but with so many issues to solve, many organizations will find it hard to know where to start."
What to consider
Because of these issues, companies would be wise to take stock of potential vulnerabilities more regularly, but also more holistically, according to Tripwire. That includes looking at all assets — including workers — they have under their roof, as well as a realistic assessment of the risks they might face. Not having insight into partners' own risks is clearly a big red flag, but it's also important to understand what data you are sharing and how that might expose you both in-house and via third parties.
Once you have this information and have your best minds focused on dealing with these issues, it becomes easier to find ways you can improve, the report said. That can include working more carefully with your partners to get more insight into their own potential exposure and come up with a better path forward together.
It starts at the beginning
When making new connections with third-party supply chain partners, a critical assessment of those companies' cybersecurity risks and readiness should be standard operating procedure, according to Machine Design. That kind of due diligence can go a long way toward keeping your risks minimized and allow you both to succeed in your collaboration, whatever it may be, on an ongoing basis. However, this kind of issue doesn't always get the scrutiny it deserves when making new business partnerships, so your entire integration process may have to be reconsidered from the ground up. The good news is that the more effort you put into these changes, the better off you're going to be in the long run.