Organisations have become so digitally interconnected, that it is now impossible to do business without some form of reliance on a of a third party, whether that’s a piece of cloud-based software, a supplier, or a partner.
And as the digital world advances the web of interconnectivity that supports modern business is only going to grow and get more entwined. Whilst the functionality that an extended supply chain provides only supports the business, it does however grow (sometimes uncontrollably) each business’s threat landscape considerably and multiplies the risk significantly.
Furthermore, the impact of COVID-19 restrictions globally meant organisations had to rapidly digitalise leaving them more vulnerable to cyber-crime, and possibly deprioritising cyber-security in favour of functionality to remain operational.
As organisations were already dealing with the challenges of COVID-19, now had the increased pressure of being subject to a ransomware attack - a situation that continues to be leveraged significantly by cyber criminals.
Ransomware attacks – a fixed feature on the threat landscape
Even with the spectacular demise of ransomware actors such as REvil, it would appear that ransomware is here to stay.
According to the National Cyber Security Centre's 2021 annual review there were three times as many ransomware attacks in the first quarter of 2021 than in the whole of 2019, and this acceleration is not due to slow down anytime soon.
In a PWC study, Richard Horne, Cyber Security Chair, PwC UK, warned, “Even when their own cyber defences are solid, organisations can be vulnerable to an attack through their suppliers. A sophisticated cyber-criminal will always search for the weakest link. It is essential for business leaders to fully understand and manage their organisation’s web of third-party relationships.”
Combine this with Cybersecurty Ventures predictions that by 2031 ransomware will cost victims more around the $265 billion with a new attack every 2 seconds and a 30% year on year growth in damage cost over the next ten years. It’s fair to say business need to act fast and class their entire third-party ecosystem with the same high standards are their own internal procedures to prevent an attack happening to them.
Automated third-party risk management solution is what is needed
You can never eliminate risk especially those posed by a third-party however there are tools that you can use to give you an understanding of your external risk profile and any vulnerabilities that may leave you exposed to an attack. Darkbeam’s Horizon automated platform gives you the ability to view your third-party risk in seconds.