The energy sector is the most commonly targeted industry by cyber criminals according to a recent IBM report. But it's not just front-line organisations in the sector who are targets. Often, peripheral vendors and the wider supply chain present an easier target to threat actors.
The energy industry relies on a wide web of third-party supply chain relationships and a complex infrastructure of Operational Technology (OT). Each of these poses an unknown level of risk regarding cyber disruption or theft.
In an analysis of cybersecurity in the energy industry, the World Economic Forum says "65% of organisations have not identified the third parties whose compromise could impact their most critical functions".
Infrastructure supply chains are a target
The former Chief of Britain's National Cyber Security Centre (NCSC) has warned that critical infrastructure, such as energy, could be increasingly targeted via their supporting technologies and functions.
"Critical functions can be severely disrupted without attacking the critical functions, but just attacking the things that help you run them, which tend to be less well protected."
Our conversations with industry leaders reveal that the largest factors holding back Supplier Cyber Risk Management are a lack of internal resources and the perception that many vendors would be unwilling or unable to co-operate should an initiative be introduced. Both of these concerns are directly addressed by Darkbeam's automated dual-capabilty platform which provides comprehensive cyber risk insights into suppliers without the need for their co-operation.
Advice from the World Economic Forum suggests that organisations in the energy sector take the following steps to secure their vendor relationships:
|World Economic Forum Advice||Darkbeam Enablement|
|Cybersecurity as a criterion of the supplier’s selection process, performed via shared-assessment platforms, classical questionnaires, scoring platforms assessments and so on.||
Darkbeam's automated Supplier Cyber Risk Management platform enables instant cyber vulnerability assessments of any organisation without their input.
As well as comprehensive Vulnerability Intelligence, Darkbeam's platform continuously collects Threat Intelligence from the dark web to alert you of real-world compromises to the organisation's security.
|Once the collaboration with the third party has begun, during the contract period and on a contract renewal, the company should create opportunities to perform continuous assessments of the supplier cybersecurity position – for example, through scoring platforms – and, if necessary, update the contractual requirements.||
Darkbeam's automated Supplier Cyber Risk Management platform continuously re-assesses monitors vendors at-scale in a highly cost-effective way. Several organisations monitor tens of thousands of suppliers continuously within the Darkbeam platform.
Darkbeam provides automated Supplier Cyber Risk Management capabilities to cybersecurity and procurement teams which enable them to measure, monitor and reduce their exposure to cybersecurity risks through vendors.
The Darkbeam platform makes this fast and easy, removing the need for dedicated internal resources and expertise - allowing risk reporting and reduction at scale in a highly cost-effective way with minimal time requirements.
For more information about how Darkbeam can support your organisation to understand and reduce cybersecurity risks among your suppliers, please call +44 (0)20 3833 0348 or contact us using the form below.