ISACA Supply Chain Security Report Spotlights Major Vulnerabilities

Author: ISACA
Date Published: 8 June 2022

Less than half of respondents to a new ISACA survey have high confidence in the security of their organization’s supply chain as supply chain risks have become increasingly top-of-mind for enterprises and consumers alike throughout the pandemic.

ISACA’s supply chain security survey received responses from more than 1,300 IT professionals with supply chain insight, 25 percent of whom note that their organization experienced a supply chain attack in the last 12 months. Survey respondents cited these five supply chain risks as being their key concerns:

  1. Ransomware (73%)
  2. Poor information security practices by suppliers (66%)
  3. Software security vulnerabilities (65%)
  4. Third-party data storage (61%)
  5. Third-party service providers or vendors with physical or virtual access to information systems, software code or IP (55%)

Additionally, 30 percent of respondents say that their organization’s leaders do not have sufficient understanding of supply chain risks. Only 44 percent indicate they have high confidence in the security of their organization’s supply chain, and the same percentage have high confidence in the access controls throughout their supply chain. A majority (53 percent) say they expect supply chain issues to stay the same or worsen over the next six months.

The COVID-19 pandemic has deepened strains on the supply chain around the globe as product availability and costs have become widely problematic, and attackers see new opportunities to wreak havoc.

“Our supply chains have always been vulnerable, but the pandemic further revealed the extent to which they are at risk from a number of factors, including security threats,” says Rob Clyde, past ISACA board chair, NACD Board Leadership Fellow, and executive chair of the board of directors for White Cloud Security. “It is crucial for enterprises to take the time to understand this evolving risk landscape, as well as to examine the security gaps that may exist within their organization that need to be prioritized and addressed.”

Added ISACA CEO David Samuelson: “To advance digital trust, there needs to be a level of confidence in the security, integrity and availability of all systems and suppliers. As we have seen from previous incidents, customers do not differentiate between an attack on an element of your supply chain and an attack on your own systems. Now is the time to take swift and meaningful actions to improve supply chain security and governance.”

ISACA offers additional publications on the topic, including its e-book, How to Manage Supply Chain Risk, as well as cybersecurity resources at yvi2.aksarayyeralticarsisi.com/resources/cybersecurity.

To read the full survey report and access related supply chain resources, visit yvi2.aksarayyeralticarsisi.com/supply-chain-security.