You can’t guarantee your partners and vendors will be as secure as you are. But you can work to ensure their lapses don’t become yours.

One of the initial vectors for cyberattacks is the supply chain.

Companies work with many suppliers, vendors, and other third parties. Organizations communicate daily with countless outside companies, whether that is the main client, a third-party billing partner or the company that supplies the office’s water cooler. A supply chain/vendor attack happens when the attacker compromises a third party. When a trusted partner gets hacked, every company it does business with is at risk.

This risk is real and rising. It made big headlines with the SolarWinds, Kaseya, and Accellion attacks. But it’s not just the leading companies that are at risk. It’s everybody.

In Oct. 2021, a break in the supply chain impacted 97% of companies; 93% said they suffered a breach due to their suppliers’ weaknesses. Making things even tougher, breaches (at 37%) grew faster than cybersecurity budgets (at 26%).

It has become such a worry that the European Union Agency for Cybersecurity anticipated a fourfold increase in such attacks and emphasized that malware is employed in 62% of the attacks observed thus far.

This is the new adage: Your security is only as good as your partner’s.

Take an example from the world of finance. A bad actor hacks a vendor you work with. That hacker can easily begin sending invoices that reference unfamiliar bank accounts.

Here’s the tough part: the sending email address will be legitimate, so the standard sender verification checks will pass.

Discerning users can find tell-tale signs that something is wrong in the billing terms and fine print. Or the reply-to address may differ from what you’re used to.

That kind of cyber hygiene from end users is extremely important and is always recommended. But it may not be enough.

Therefore, it’s incredibly important to secure the supply chain. However, not all supply chain protections are equally robust.

For the best security, a solution needs to automatically learn a company’s list of suppliers and partners. Forgetting a supplier is very easy if you manually upload or maintain a database.

The solution also needs to automatically discover the nature of each partner’s or supplier’s relationship to the organization, looking at traffic patterns, the employees they engage with, and more. Finally, it needs to assess business volume by looking at all invoices and calculating risk based on the dollar amount. In short, the solution needs to dynamically and automatically evaluate a company’s entire supply chain risk, and constantly update and secure it.
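The checks described above (a legitimate sender that passes verification, an unfamiliar reply-to address or bank account, and risk weighted by invoice amount) can be sketched as follows. This is an added example, not code from any product; the vendor baseline, addresses, account strings and the `review_invoice` helper are all constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed baseline: what earlier, verified invoices from this vendor looked like.
KNOWN_VENDORS = {
    "billing@acme-supplies.example": {
        "reply_domains": {"acme-supplies.example"},
        "bank_accounts": {"GB00TEST00000012345678"},
    }
}

def domain(addr):
    """Lower-cased domain part of an address header value."""
    return parseaddr(addr)[1].rpartition("@")[2].lower()

def review_invoice(raw_email, bank_account, amount_usd, vendors=KNOWN_VENDORS):
    """Compare an invoice email against the vendor baseline (hypothetical helper)."""
    msg = message_from_string(raw_email)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    # A compromised vendor mailbox still passes SPF/DKIM/DMARC, so a pass
    # is recorded but never clears the message on its own.
    auth_pass = "dmarc=pass" in msg.get("Authentication-Results", "").lower()
    baseline = vendors.get(sender)
    if baseline is None:
        return {"auth_pass": auth_pass, "risk": amount_usd,
                "findings": ["sender is not in the vendor baseline"]}
    findings = []
    reply_to = msg.get("Reply-To")
    if reply_to and domain(reply_to) not in baseline["reply_domains"]:
        findings.append("reply-to domain differs from the vendor's usual domain")
    if bank_account not in baseline["bank_accounts"]:
        findings.append("bank account not seen on earlier invoices")
    # Risk scales with the dollar amount at stake (simple constructed weighting).
    return {"auth_pass": auth_pass, "findings": findings,
            "risk": amount_usd * len(findings)}

# Constructed sample message: real vendor address, unfamiliar reply-to.
SAMPLE = """\
From: Acme Billing <billing@acme-supplies.example>
Reply-To: accounts@acme-suppliess-pay.example
Authentication-Results: mx.example; spf=pass; dkim=pass; dmarc=pass
Subject: Invoice 1042

Please note our new bank details.
"""

if __name__ == "__main__":
    print(review_invoice(SAMPLE, "GB00TEST00000099999999", 48000))
```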

You can’t guarantee your partners and vendors will be as secure as you are. But you can work to ensure their lapses don’t become yours.