<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=126274287733237&amp;ev=PageView&amp;noscript=1">

Monitoring supply chain risk: How to guard against IT security breaches

Posted by Len Simmons on Sep 21, 2015 4:53:32 PM

software-762486_1280

Serious breaches of data are regularly making news headlines, but it is not only celebrities under threat. All companies must now take steps to protect themselves online and ensure that their supply chain doesn't expose them to cyber-criminals.

A recent PwC report found that 81 percent of large organisations and 60 percent of small businesses had been the victim of a security breach in the past year. Another troubling finding was that the overall cost of a data breach had increased dramatically since 2013.

Security breaches can have an adverse effect on cash flow, profitability and reputation. Not to mention the steep financial penalties which regulators hand out for negligence. 

Supply chain risk

The dynamic nature of the cyber-threat means that businesses seem constantly to be scrambling to keep up with the latest threat. To be effective, an information protection strategy must protect both externally and internally and must ensure that there are no weak links in the supply chain.

Firewalls and other ruled ‘perimeters’ provide security against outside intruders, but these measures alone are insufficient. It is estimated that 80% of data breaches occur because of human error. One employee can unintentionally compromise an elaborate protection network for something as seemingly-minor as failing to change a default password.

8 common weaknesses

The Information Commissioners Office (ICO), the data regulator, has released a report detailing the most common weaknesses which compromise systems. These eight areas are:

  • a failure to keep software security up to date;
  • a lack of protection from SQL injection;
  • the use of unnecessary services;
  • poor decommissioning of old software and services;
  • the insecure storage of passwords;
  • failure to encrypt online communications;
  • poorly designed networks processing data in inappropriate areas; and
  • the continued use of default credentials including passwords.

It is perhaps surprising how basic some of the weaknesses are and how easy it would be to provide adequate protection.

Through effective staff training, many of these weaknesses could be averted. It is essential that businesses check IT security compliance among their suppliers - ensuring that these organisations have robust policies and measures in place to prevent common security failures.

Introducing Altius Exigo

Atius'  Exigo compliance software is used by major corporations, such as global advertising agency Leo Burnett to ensure information security across their supply chain. To find out more about Altius Exigo, request your free demo today.

Exigo_Essentials_Free_Demo

 

Photo Credit: Pixabay

Topics: Assessment Focus