Saturday, January 18, 2025

Nearly all of the world’s largest companies face a high risk of supply chain breaches

Research released in conjunction with the Black Hat security conference revealed that 1,980 out of the world’s 2,000 largest companies are directly connected to technology suppliers that have recently experienced cyber security incidents or data breaches. This poses a significant risk to the global economy through multi-party supply chain attacks.

The study, conducted by SecurityScorecard and The Cyentia Institute, found that 99% of organisations on Forbes’ Global 2000 list, including well-known UK multinationals like AstraZeneca, BP, Diageo, HSBC, and Vodafone, were exposed to these risks. The financial losses from breaches affecting the Global 2000 have reached billions of dollars, potentially up to $80 billion in the past 15 months.

Additionally, 20% of the Global 2000 companies were found to be using 1,000 or more IT products, creating numerous potential entry points for cyber attacks. The interconnectedness of these organisations intensifies the risk, according to Wade Baker, a partner and co-founder of Cyentia.

SecurityScorecard’s senior vice-president of threat research, Ryan Sherstobitoff, emphasised the importance of understanding and managing the supply chain to protect business continuity and the overall economy. Recent incidents such as the CrowdStrike issue have highlighted the vulnerability of global IT systems.

It is imperative for businesses to implement “know your supply chain” (KYSC) principles as part of their resilience strategy. Continuous monitoring of external attack surfaces, identifying single points of failure, and staying informed about supplier IT deployments are crucial steps in mitigating risks within the supply chain.