I have been contacted many times in the last few days to comment on the latest worldwide supply chain breaches – and, evidently, the massive SolarWinds hack sending shock waves across industries.

Supply-chain risk and attacks on vendors’ cybersecurity have historically been prevalent. In recent years the supply chain has become one of the cardinal attack vectors, and we are observing more breaches, which affect every company.

The common mistake we observe almost universally: companies neglect the vendor long tail.

Due to the cost and time required to assess individual vendors and define risk reduction plans for them, enterprises tend to audit the top 10% of their supply chain (typically by largest size, annual budget, perceived risk, etc.).

This leaves you exposed to the long tail: hundreds and thousands of SaaS companies, remotely connected service providers, API integrations, maintenance services, and many others. These are companies whose processes, risk exposures and infrastructure expose you to a higher risk gap that no one is talking about, one that provides an unfair advantage to adversaries, who count on your inability to effectively address the long tail and specifically target these vendors.

Recent customer assessment campaigns we conducted for long-tail vendors indicate:
- 75% of cloud vendors lack sufficient security measures
- 63% of AWS based vendors did not apply 2FA or other strong authentication practices
- 90% of SME vendors did not establish security awareness, policies, and procedures
- All SME vendors exhibited 2 or more showstopper gaps (as defined by customers)

All this points to thousands of exposed vendors being targeted and waiting to be breached!

We designed an extensive audit for long-tail vendors, enabling you to rapidly assess any number of vendors and aggregate a dedicated risk reduction plan for them, quickly and with minimal resources.
Do not be the next news headline. Consult with us today!