Overwhelmingly, businesses lack third-party cyber threat visibility and rely on vendors to alert them of incidents which could impact the security of their data or operations. All despite cyber professionals repeatedly being told not to report such events. This article explores the scale of the problem and suggests a workable solution for stretched teams and budgets.
There are 4,500 successful security breaches of UK businesses every day. With the continuous flow of data between businesses and third-parties/vendors, this exposes sensitive information to continuously developing levels of risk.
Sensitive data is exposed through suppliers
The Darkbeam Threat Environment Report for April 2023 includes information regarding a major contracting firm who were breached; revealing scanned copies of passports, police records searches, contracts with clients and sensitive details of client projects.
Despite this, 87% of UK companies don't monitor cybersecurity risks or incidents among their third-parties, instead relying upon vendors to notify them of any data breaches which occur.
This is supported by a recent poll on Darkbeam's LinkedIn page. Although unscientific in nature, 79% of respondents (at the time of writing) expect that they would be notified either immediately or within 48 hours of a cybersecurity breach affecting a third party.
That opinion from security professionals is likely borne through necessity; a recent industry survey showed that 62% of cybersecurity teams are under-staffed. Despite this, the trust in suppliers might be mis-placed. 40% of cybersecurity professionals (rising to 71% in America) say they have been told not to report cybersecurity incidents.
From a shareholder's perspective, there could be a strong (if illegal and immoral) argument for this. A PCI Pal study found that nearly half of customers would think twice about spending money with a business in the months following the disclosure of a cybersecurity incident.
Even with the best intentions, the time taken for a vendor to discover and investigate a breach before notifying you increases your time to respond to an incident.
There is a solution to this black hole of unknown risk – even for stretched cybersecurity teams and budgets.
Dark web monitoring of key suppliers provides notifications when threats are detected, informing intelligence-led responses and a reduced time to remediation. These practical benefits are reinforced by a demonstrably strengthened governance posture.
Darkbeam's dual-capability Supplier Cyber Risk Management platform combines this continuous dark web monitoring with automated vulnerability assessments of all vendors, highlighting specific areas of risk without the need for manual reviews of all third parties.
Created to operate at any scale, the platform automates third-party cyber risk monitoring & reporting for all third-parties in an ecosystem, as well as dark web monitoring for incidents affecting any which hold/access sensitive data or have the potential to disrupt operations.
To explore the capabilities of the Darkbeam platform for free (no credit card required), create a free account. Alternatively, contact us using the form below or call +44 (0)20 3833 0348.