
Companies urged to ensure supply chain security

(Image credit: Shutterstock/KAMONRAT)

New research from Citrix has revealed that large businesses in the UK are overlooking the cybersecurity resilience of external providers within their supply chain network, which could leave them vulnerable to an attack.

The company's recent poll surveyed 750 IT security decision makers in companies with 250 or more employees across the UK, to better understand their level of preparation for cyber-attacks. The research also explored whether businesses are conducting the necessary due diligence when assessing new suppliers.

When asked about the onboarding process for new suppliers, only 35 per cent of businesses believe the cybersecurity audit conducted by their organisation to be 'very comprehensive'. However, nine per cent said that their organisation only asks a few questions during the initial pitch process. Additionally, just over a third (35%) said their organisation has insurance which covers their supply chain providers in the event of a breach or other cybersecurity concerns.

Citrix's research also shed light on the need for improved communication between organisations and their supply base, with just 20 per cent of respondents confirming that they do not communicate with suppliers when testing their cybersecurity recovery process.

Despite the fact that many businesses overlook their supply chain, there is still growing confidence among IT security teams, with the vast majority (93%) of IT security decision makers confident that their organisation could operate effectively in the wake of a cyberattack.

Chief security architect at Citrix, Chris Mayers, offered further insight on the company's findings, saying:

“Recent cyberattacks demonstrate that the supply chain can be the weakest link for a significant number of organisations. For example, the ‘NotPetya’ campaign began with an extremely effective supply chain attack, which had disastrous consequences for Ukraine’s national bank, airport and government department – proceeding to infect machines in a staggering 64 countries. It is therefore vital that businesses conduct the necessary due diligence when integrating a new provider into their supply chain. Considering the risk associated with a supply chain attack and conducting a cybersecurity audit of your supply base should not be a box-ticking exercise.” 


After getting his start at ITProPortal and then working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches to how to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.