IT Professionals Underestimate Impact of Supply Chain Security
Nearly half of respondents in a recent study said they were not confident in the IT security of their supply chain business partners and suppliers.
That was one of the key findings of the study, conducted by Tripwire, Inc., a global provider of IT operations solutions, which led Tripwire to conclude that many IT professionals underestimate the potential impact of lax security by business partners and suppliers.
The study, carried out in December 2015, assessed the challenges that business partners bring to cyber security. Study respondents included over 320 IT professionals who have visibility into the security of their organization’s supply chain.
According to Tripwire’s study, eighty-one percent of IT professionals are confident in their ability to protect sensitive customer data. But, as noted, that assurance does not extend to their organization’s business partners.
“Every organization needs to evaluate the security risks associated with their business partners,” said Tim Erlin, director of IT security and risk strategist for Tripwire. “Partnerships provide an important growth mechanism for organizations today, but they also introduce risk. Organizations must invest in securing their points of interaction with partners.”
Among other study results, respondents were nearly unanimous that a supplier or partner security breach could expose valuable data, but 61 percent said they were unconcerned or had bigger concerns. Fewer than half (44 percent) said their organizations require partners and suppliers to pass security audits before they sign a contract with them. Thirty-four percent use partners and suppliers that fail to meet their security standards. A quarter of respondents admitted their organizations do not evaluate whether suppliers meet their security requirements. Half said they make exceptions or offer different standards for some partners.
Weaknesses in business partner and supplier cyber security can have disastrous impacts on businesses, the Tripwire report noted. Vulnerabilities in third-party security may have played a key role in many high-profile security breaches, such as the Panama Papers incident and the Target breach.