But navigate this complexity we must, because within those connections are systemic risks to all organizations. Some of the most severe, recent newsmaking incidents were as important as they were because they impacted the global supply chain, including the Kaspersky (June 2024), Snowflake (May 2024), and Crowdstrike (July 2024) incidents.
That’s why Bitsight TRACE has taken a deep, data-driven dive into this topic to produce a report designed to help organizations better understand and approach the security risks posed by these myriad connections. The new research report, “Under the Surface: Cybersecurity Risks within the Global Supply Chain,” is full of illuminating facts:
- Supply chains are vast. We find that a typical organization employs hundreds of products from dozens of providers.
- Providers have 2.5x larger supply chains compared with the consumers they serve. The providers we observe in our data set tend to have larger supply chains compared with their consumer customers. With a larger attack surface to defend, providers tend not to perform as strongly as consumers.
- There are several areas of concentrated risk across the supply…
