Your organisation has invested time, budget, and resources into ensuring that it is as secure as it can be, whilst noting that new attacks occur all the time and the fight continues.
But what about your critical suppliers?
Do you know how secure they are? What key services do they provide? Do they have access to your systems? Do they process the data of your employees or your customers?
Many organisations have taken the time to strengthen their ‘front door’, which has led cyber criminals to look for other ways to indirectly breach their defences, often via weaknesses at third-party suppliers. As noted in the UK Government’s annual Cyber Security Breaches Survey:
“Most businesses don’t consider risks raised by their Supply Chain.”
“Only 11% of businesses review the risks posed by their immediate suppliers.”
“Only 6% are looking at their wider supply chain.”
Recent examples include the Ticketmaster data breach and the current NHS London Hospitals disruption caused by the ransomware attack on Synnovis.
In the case of Ticketmaster, the exact role played in the data breach by their cloud service provider Snowflake is in dispute, but the fact remains that it mainly involved accounts without multi-factor authentication enabled, pointing to underlying operational and design weaknesses.
With Synnovis, pathology services at several key London hospitals have been impacted due to a ransomware attack on its owner, Munich-based SynLab AG. This is the third ransomware attack against SynLab in the last 12 months, impacting operations in France in 2023, Italy in April 2024, and now the UK.
Making Third-Party Risk Management (TPRM) an integral part of your vendor selection process and security strategy is key to your ongoing operational resilience.
In today’s interconnected world, your supplier’s risk is your risk.