Lulled into complacency, businesses face risks of supply chain attacks even after they have done their due diligence in assessing their third-party suppliers’ security posture before establishing a partnership. In this first piece of a two-part feature on ransomware, ZDNet discusses the need for continuous review of all touchpoints across their supply chain, especially those involving critical systems and data.
Enterprises typically would give their third-party suppliers “the keys to their castle” after carrying out the usual checks on the vendor’s track history and systems, according to Steve Turner, a New York-based Forrester analyst who focuses on security and risk.
They believed they had done their due diligence before establishing a relationship with the supplier, Turner said, but they failed to understand that they should be conducting reviews on a regular basis, especially with their critical system suppliers.
“Anyone who has the keys to the castle, we should know them in and out and have ongoing reviews,” he said in a video interview with…