New research from Citrix has revealed that large businesses in the UK are overlooking the cybersecurity resilience of external providers within their supply chain network, which could leave them vulnerable to an attack.
The company's recent poll surveyed 750 IT security decision makers in companies with 250 or more employees across the UK, to better understand their level of preparation for cyber-attacks. The research also explored whether businesses are conducting the necessary due diligence when assessing new suppliers.
When questioned about the onboarding process for new suppliers, only 35 per cent of businesses said they believe the cybersecurity audit conducted by their organisation to be 'very comprehensive'. However, nine per cent said that their organisation only asks a few questions during the initial pitch process. Additionally, just over a third (35%) said their organisation has insurance which covers their supply chain providers in the event of a breach or other cybersecurity concerns.
Citrix's research also shed light on the need for improved communication between organisations and their supply base, with just 20 per cent of respondents confirming that they do not communicate with suppliers when testing their cybersecurity recovery process.
Despite the fact that many businesses overlook their supply chain, there is still growing confidence among IT security teams, with the vast majority (93%) of IT security decision makers confident that their organisation could operate effectively in the wake of a cyberattack.
Chief security architect at Citrix, Chris Mayers offered further insight on the company's findings, saying:
“Recent cyberattacks demonstrate that the supply chain can be the weakest link for a significant number of organisations. For example, the ‘NotPetya’ campaign began with an extremely effective supply chain attack, which had disastrous consequences for Ukraine’s national bank, airport and government department – proceeding to infect machines in a staggering 64 countries. It is therefore vital that businesses conduct the necessary due diligence when integrating a new provider into their supply chain. Considering the risk associated with a supply chain attack and conducting a cybersecurity audit of your supply base should not be a box-ticking exercise.”