While there’s a lot you can do to control your own cybersecurity activities, the level of security you ultimately have will always be limited by the practices of your suppliers. A recent survey from Gartner has found that 89% of responding companies had experienced a risk event associated with a supplier, while also noting there was a relative lack of maturity with respect to the management of supplier-driven risks, according to an article in Spiceworks. These supply chain security risks can take multiple forms, whether via lax supplier data management practices leading to data security vulnerabilities, via integration of third-party technology into your platforms, or via fraud conducted using the information of vendors.
In any of the above cases, companies increasingly need to examine the cybersecurity practices of their vendors, to ensure these vendors and suppliers have robust cybersecurity plans in place for management of their data and yours, and the staffing levels needed to respond to attacks on their organizations.
Source: