Research: Supply Chain Cyber Attacks Continue to Increase

Organizations have an opportunity to reduce their third-party risk by clarifying whether they or their suppliers are responsible for supply chain risk management, according to new global research of 1400 cybersecurity decision makers by NCC Group.

Around one in three (36%) said that they are more responsible for preventing, detecting and resolving supply chain attacks than their suppliers. Just over half (53%) said that their company and its suppliers are equally responsible for the security of supply chains.

This could affect organizations’ third-party risk if it means that they are not conducting appropriate due diligence on their suppliers, and could expose them to regulatory penalties. The EU’s Digital Operational Resilience Act (DORA) mandates that financial entities include key security requirements in their contracts with third parties, indicating that regulators are increasingly emphasizing the organization’s role in supplier risk management.

Despite this, half (49%) of the organizations surveyed said that they did not stipulate security standards that their suppliers must adhere to as part of their contracts. One in three (34%) said that they do not regularly monitor and risk assess their suppliers’ cybersecurity arrangements.

The research suggests that cybersecurity attacks on company supply chains increased by 51% between July and December 2021. Only one in three (32%) organizations were ‘very confident’ that they could respond quickly and effectively to a supply chain attack.

Encouragingly, respondents recognized supplier risk as one of their top challenges for the next 6-12 months and plan to increase their security budgets by an average of 10% this year.

Arina Palchik, Global Commercial Director, Remediation, at NCC Group, said: “Many organizations work closely with their suppliers by integrating them into their infrastructures to increase efficiencies and strengthen operations, but this can increase their cyber risk by widening their potential attack surfaces. Security gaps in supply chains can lead to leakage of customer data and serve as entry points for ransomware attacks, and our latest research suggests that hackers are increasingly targeting organizations through their suppliers, with attacks up by 51% in the last six months of 2021.

“It’s encouraging that organizations recognize supplier risk as one of their top challenges for 2022. However, our findings uncovered specific areas for improvement including clarity around responsibility for preventing, detecting and resolving attacks and lax controls for supplier assurance. It’s important that any investment in security addresses these areas to reduce third-party risk and enable organizations to work with their suppliers in confidence.”

Featured

  • New Gas Monkey Garage Venue Uses AI-Enhanced Video Technology

    Gas Monkey Garage, the automotive custom shop and entertainment brand founded by Richard Rawlings of Fast N’ Loud TV fame, has opened a vibrant new restaurant and bar in South Dakota, equipped with advanced, AI-enhanced video tech from IDIS Americas. Read Now

  • Data Driven, Proactive Response

    As cities face rising demands for smarter policing and faster emergency response, Real Time Crime Centers (RTCCs) are emerging as essential hubs for data-driven public safety. In this interview, two experts with deep field experience — Ross Bourgeois of New Orleans and Dean Cunningham of Axis Communications — draw on decades of operational, leadership and technology expertise to share how RTCCs are transforming public safety through innovation, interagency collaboration and a relentless focus on community impact. Read Now

  • Integration Imagination: The Future of Connected Operations

    Security teams that collaborate cross-functionally and apply imagination and creativity to envision and design their ideal integrated ecosystem will have the biggest upside to corporate security and operational benefits. Read Now

  • Smarter Access Starts with Flexibility

    Today’s workplaces are undergoing a rapid evolution, driven by hybrid work models, emerging smart technologies, and flexible work schedules. To keep pace with growing workplace demands, buildings are becoming more dynamic – capable of adapting to how people move, work, and interact in real-time. Read Now

  • Trends Keeping an Eye on Business Decisions

    Today, AI continues to transform the way data is used to make important business decisions. AI and the cloud together are redefining how video surveillance systems are being used to simulate human intelligence by combining data analysis, prediction, and process automation with minimal human intervention. Many organizations are upgrading their surveillance systems to reap the benefits of technologies like AI and cloud applications. Read Now

New Products

  • A8V MIND

    A8V MIND

    Hexagon’s Geosystems presents a portable version of its Accur8vision detection system. A rugged all-in-one solution, the A8V MIND (Mobile Intrusion Detection) is designed to provide flexible protection of critical outdoor infrastructure and objects. Hexagon’s Accur8vision is a volumetric detection system that employs LiDAR technology to safeguard entire areas. Whenever it detects movement in a specified zone, it automatically differentiates a threat from a nonthreat, and immediately notifies security staff if necessary. Person detection is carried out within a radius of 80 meters from this device. Connected remotely via a portable computer device, it enables remote surveillance and does not depend on security staff patrolling the area.

  • Camden CM-221 Series Switches

    Camden CM-221 Series Switches

    Camden Door Controls is pleased to announce that, in response to soaring customer demand, it has expanded its range of ValueWave™ no-touch switches to include a narrow (slimline) version with manual override. This override button is designed to provide additional assurance that the request to exit switch will open a door, even if the no-touch sensor fails to operate. This new slimline switch also features a heavy gauge stainless steel faceplate, a red/green illuminated light ring, and is IP65 rated, making it ideal for indoor or outdoor use as part of an automatic door or access control system. ValueWave™ no-touch switches are designed for easy installation and trouble-free service in high traffic applications. In addition to this narrow version, the CM-221 & CM-222 Series switches are available in a range of other models with single and double gang heavy-gauge stainless steel faceplates and include illuminated light rings.

  • HD2055 Modular Barricade

    Delta Scientific’s electric HD2055 modular shallow foundation barricade is tested to ASTM M50/P1 with negative penetration from the vehicle upon impact. With a shallow foundation of only 24 inches, the HD2055 can be installed without worrying about buried power lines and other below grade obstructions. The modular make-up of the barrier also allows you to cover wider roadways by adding additional modules to the system. The HD2055 boasts an Emergency Fast Operation of 1.5 seconds giving the guard ample time to deploy under a high threat situation.