I have been contacted many times in the last few days to comment on the latest worldwide supply chain breaches – and evidently, the massive Solarwinds hack sending shock waves across industries.
Supply-chain risk and vendor’s cybersecurity attacks are historically prevalent in recent years it became one of the cardinal attack vectors and we are observing more breaches which affect every company.
The common mistake we observe almost universally, companies are neglecting the vendors long-tail.
Due to cost and time required in assessing and defining risk reduction plans for individual vendors – enterprises tend to audit their top 10% of the supply chain (typically largest size, annual budget, perceived risk, etc.)
This leaves you exposed to the long-tail; hundreds and thousands of SaaS companies, remotely connected service providers, API integrations, maintenance services, and many others. Companies that their processes, risk exposures and infrastructure expose you to a higher risk gap that no one is talking about, the one that provides an uncompetitive advantage to adversaries – which counting on your inability to effectively address the long-tail, specifically target these.
Recent customer assessment campaigns we conducted for long-tail vendors indicate:
- 75% of cloud vendors lack sufficient security measures
- 63% of AWS based vendors did not apply 2FA or other strong authentication practices
- 90% of SME vendors did not establish security awareness, policies, and procedures
- ALL SME vendor exhibited 2 or more showstopper gaps (as defined by customers)
All this indicates thousands of exposed vendors targeted, waiting to be breached!
We designed an extensive audit for long-tail vendors, enabling you to rapidly assess and aggregate a dedicated risk reduction plan for any number of vendors – with minimal resources and quickly.
Do not be the next news headline, Consult with us today!