Third-Party Supply Chain Risk
According to a study performed by cyber security services firm BlueVoyant, 80 percent of organizations they surveyed experienced a breach that originated from vulnerabilities in their vendor ecosystem within the past 12 months. Less than 25 percent of those organizations monitor their entire supply chain, and only 32 percent reassess their vendor’s cyber risk position either every 6 months or less frequently.
However, as demonstrated in the past year, third-party supply chain and vendor cyber risks have proliferated as they become the targets of increasingly sophisticated cyber-attacks. These attacks can have far-reaching and potentially disastrous consequences for customers and businesses alike. Consider, for example, the ransomware attack on Colonial Pipeline that led to a short-term spike in energy prices and disruption in energy supplies to the northeastern United States. Earlier this year, the New York Department of Financial Services (NY DFS) released a White Paper on the SolarWinds hack, which inserted malicious code into Orion software that was pushed out to clients.
Regulatory Scrutiny
Regulators from various…
