The Rising Tide of Supply Chain Risk Threatens Every Business

April 15, 2021

April is National Supply Chain Integrity Month. Supply chain and third-party (SCR/TPR) cybersecurity risk for businesses has been a hot topic in recent months. Enormous security blunders at Microsoft, Accellion, SolarWinds, Blackbaud and other major service providers have drawn attention to an incontrovertible truth: today’s businesses are more connected than ever before – and each of those connections represents a cybersecurity risk.

Looking at phishing risk from your supply chain is an integral part of getting a complete picture of the scope of your actual risk. Phishing attacks against businesses are commonly fueled by dark web data, and there’s plenty for cybercriminals to choose from. A flood of records stolen in past data breaches has made its way to the dark web, including an estimated 22 million new records in 2020 alone. Experts had already estimated that 65% of the information on the dark web at the start of 2020 could harm businesses, and this influx of stolen information provides abundant fresh fuel for cybercrime, increasing everyone’s risk.

Don’t Let a Supplier’s Past Data Breach Become Your Future Cyberattack

Business data stolen in past incidents at popular suppliers and service providers may be increasing everyone’s risk, but not every business takes their prospective partners’ commitment to keeping their information safe into account when forming new relationships. In MasterCard Risk Recon’s The State of Third-Party Risk, one-third of respondents said that they assessed fewer than 25 vendors annually. Another third checked between 25 and 100 and the last third reviewed cybersecurity practices for more than 100 vendors. About 5% of respondents were in charge of assessing more than 750 vendors per year.  

Cybercriminals piggybacking on legitimate business domains have increased risk in every sector, especially as an email-dependent remote workforce has opened up new opportunities. Threats from stolen or hijacked supplier accounts are a big part of the TPR/SCR risk landscape. About 74% of those threats are phishing attempts or impostor schemes, and almost 30% are malware-related. That tracks with other industry data indicating that an astonishing 98% of monitored organizations clocked a threat from a supplier domain in 2020.

Overall, 80% of respondents had suffered at least one breach via the supply chain, a majority had suffered at least two breaches and one in ten had suffered more than six. That’s a huge problem for companies that are trying to dig out of a pandemic-induced revenue drop. The manufacturing sector was especially beleaguered, with 57% of survey respondents saying they have suffered breaches related to supply chain exposure in the past 12 months. Visibility is a major concern – 29% of the executives said they had no way of knowing if a risk was spawned at a vendor until it became a cyberattack on their business. 

About 74% of threats that are directed at businesses from SCR/TPR are phishing attempts or impostor schemes, and almost 30% are malware-related, including ransomware. With more than 75% of organizations around the world experiencing some kind of phishing attack in 2020, that means that one of the most common and unexpected ways for a phishing attack to arrive on a company’s doorstep is through a third-party or supply chain source. That’s another reason why investing in improved anti-phishing security with Graphus is a smart choice.

Choose Smart, Effective Security That Works for You

Graphus analyzes every incoming message using more than 50 points of comparison. It doesn’t just compare them to a “safe sender” list, either; it analyzes the content of messages to discover threats that slip under the radar of old-fashioned email security or SEGs. Graphus is 40% more effective than conventional email solutions. Plus, the AI never stops learning, so you’re not waiting on traditional threat intelligence to be gathered and added in a patch or update to be ready for new threats, making Graphus more effective against zero-day and zero patient threats.

Get your business protected from phishing to help stem the tide of third-party and supply chain risk that’s cresting now. Contact our experts to book a demo today.