
New report highlights key supply chain concerns for 2022

by Helen J. Wolf

Over the past two years, supply chain challenges have affected businesses and consumers, making accessing certain goods and maintaining business continuity more difficult.

Security threats have only compounded these concerns, and a new ISACA research report highlights the top concerns of IT professionals about security challenges and how their organizations are responding to them.

Supply Chain Security Gaps: A 2022 Global Research Report received responses from more than 1,300 IT professionals with supply chain insight, 25% of whom indicated their organization had experienced a supply chain attack in the past 12 months.


Survey respondents listed these five supply chain risks as their top concerns:

- Ransomware (73%)
- Poor information security practices by vendors (66%)
- Software security vulnerabilities (65%)
- Third-party data storage (61%)
- Third-party service providers or vendors with physical or virtual access to information systems, software code, or IP (55%)

In addition, 30% of respondents say their organization’s leaders lack sufficient understanding of supply chain risks. Only 44% say they have a lot of confidence in the security of their organization’s supply chain, and the same percentage have a lot of confidence in the access controls in their supply chain.

Their outlook for the future is not promising either, with 53% saying they expect supply chain problems to remain the same or worsen over the next six months.

Rob Clyde, former ISACA Board Chair, NACD Board Leadership Fellow, and Executive Chair of the Board for White Cloud Security, comments: “Our supply chains have always been vulnerable, but the COVID-19 pandemic has further revealed the extent to which several factors, including security threats, are threatening them.

“It’s critical for enterprises to take the time to understand this evolving risk landscape and explore the security gaps in their organization that must be prioritized and addressed.”

When it comes to taking action, 84% say their organization’s supply chain needs better governance than it has today. Nearly 1 in 5 say their vendor review process does not include cybersecurity and privacy reviews.

In addition, 39% have not developed incident response plans with suppliers for a cybersecurity event, and 60% have not coordinated and implemented supply chain-based incident response plans with their suppliers.

Nearly half of the respondents (49%) say their organizations do not perform vulnerability scanning and penetration testing in the supply chain.

John Pironti, president of IP Architects and member of the ISACA Emerging Trends Working Group, said: “Managing supply chain security risks requires a multi-pronged approach, including regular cybersecurity and privacy assessments and the development and coordination of incident response plans, both in close cooperation with suppliers.

“Building strong relationships with your organization’s suppliers and establishing ongoing communication channels is vital to ensuring that assessments, information sharing, and solutions run smoothly and effectively.”

Pironti outlined some key steps organizations should take to strengthen the security of their IT supply chain:

- You cannot protect what you do not know. Develop and maintain an inventory of suppliers and the capabilities they offer.
- Require disclosure of open-source software components.
- Conduct threat and vulnerability analysis from key third parties for your business.
- Create a contract addendum for technical and organizational measures for supply chain contracts.
- Trust, but verify. Conduct evidence-based assessments of significant third parties.

David Samuelson, CEO of ISACA, concludes: “To foster digital trust, there must be confidence in the security, integrity, and availability of all systems and vendors.

“As we’ve seen from past incidents, customers don’t differentiate between an attack on any part of your supply chain and an atom. Now is the time to take quick and meaningful actions to improve supply security and governance. Improve the chain.”
