TechDogs-"99% of Global 2000 Companies Directly Connected to a Supply Chain Breach"

99% of Global 2000 Companies Directly Connected to a Supply Chain Breach

By Business Wire

20% of these megacompanies use a thousand or more products

LAS VEGAS--(BUSINESS WIRE)--BLACK HAT 2024 – New research from SecurityScorecard and The Cyentia Institute found that 99% of Global 2000 companies are directly connected to vendors that have had recent breaches. Prompted by new SEC cybersecurity requirements demanding transparency around third-party breaches, this report highlights the escalating risk of multi-party supply chain attacks.

The interconnected nature of modern business means that a vulnerability in one part of the supply chain can have far-reaching consequences, potentially impacting the entire ecosystem. Massive third-party incidents like Change Healthcare, MOVEit, and SolarWinds underscore the critical need for robust supply chain cybersecurity.

Key Findings: Global 2000: Industry Titans Battle the Beast of Supply Chain Cyber Risk

  • 99% of Global 2000 companies are directly connected to a supply chain breach.
  • 20% of these megacompanies use a thousand or more products.
  • Supply chain incidents cost 17X more to remediate and manage than first-party breaches.
  • The estimated total losses from Global 2000 breaches ranged between $20 billion and $80 billion over 15 months.
  • Global 2000 companies face significant concentrated risk due to their interdependence, with 90% acting as vendors to each other.
  • The top 8 most widely deployed vendors are used by at least 80% of Global 2000 companies, with 4 of the top 5 reporting a recent breach.

Wade Baker, partner and co-founder at The Cyentia Institute, said: “While the Global 2000 boasts $51.7 trillion in revenue, their interconnectedness exposes them to severe cyber risks – with 99% directly connected to breached vendors and incidents that can tally into the tens of billions.”

Know Your Supply Chain

Whether caused by a malicious DDoS attack or a faulty patch update, the end result of a supply chain event is the same: Users are denied access to critical systems.

Knowing Your Supply Chain (KYSC) is becoming an increasingly important component of cyber resilience. Understanding the dependencies within your organization and those of your vendors is critical for responding to incidents effectively. Even the most reliable vendors and partners can experience issues.

Key steps to securing the supply chain include:

  1. Continuously monitor the external attack surface: Safeguard your IT ecosystem with continuous automated scanning. Identify and mitigate IT infrastructure and cybersecurity risks across vendor, agency, and partner environments.
  2. Identify single points of failure: Map the critical business processes and technologies to identify any single points of failure. Create a watch list with these vendors.
  3. Automatically detect new vendors: Passively monitor vendors’ IT deployments to identify and resolve hidden supply chain risk.

Ryan Sherstobitoff, Senior Vice President of Threat Research and Intelligence, said: “The world is only beginning to grasp the potential for chaos caused by concentration risk. Understanding and managing your supply chain is critical to protect business continuity. It's not just about preventing disruptions; it’s about safeguarding the very foundation of our interconnected economy.”

Methodology

The Forbes Global 2000 ranks the largest companies in the world using four metrics: sales, profits, assets, and market value. The 2024 list accounts for $51.7 trillion in revenue, $4.5 trillion in profits, $238 trillion in assets, and $88 trillion in market value. The analysis focused directly on the security posture and breach history of the Global 2000 and the ecosystem of third-party vendors surrounding each Global 2000 company to understand the nature of cyber risk across their supply chains.

The data on third-party relationships comes from SecurityScorecard’s Automatic Vendor Detection capability. Automatic Vendor Detection identifies vendors and products that make up the digital supply chain of modern organizations.

SecurityScorecard continuously scans the internet to identify vulnerable and misconfigured digital assets. Additionally, SecurityScorecard monitors signals across the Internet, relying on a global network of sensors that spans the Americas, Asia, and Europe. The company operates one of the world’s largest networks of sinkholes and honeypots to capture malicious signals and further enrich its data set by leveraging commercial and open-source intelligence sources.

About SecurityScorecard

Funded by world-class investors, including Evolution Equity Partners, Silver Lake Partners, Sequoia Capital, GV, Riverwood Capital, and others, SecurityScorecard is the global leader in cybersecurity ratings, with more than 12 million companies continuously rated.

Founded in 2013 by security and risk experts Dr. Aleksandr Yampolskiy and Sam Kassoumeh, SecurityScorecard’s patented security ratings technology is used by over 25,000 organizations for enterprise risk management, third-party risk management, board reporting, due diligence, cyber insurance underwriting, and regulatory oversight.

SecurityScorecard achieved the Federal Risk and Authorization Management Program (FedRAMP) Ready designation, highlighting the company’s robust security standards to protect customer information, and is listed as a free cyber tool and service by the U.S. Cybersecurity & Infrastructure Security Agency (CISA). Every organization has the universal right to its trusted and transparent Instant SecurityScorecard rating. For more information, visit securityscorecard.com or connect with us on LinkedIn.


Contacts

Allison Knight
10Fold for SecurityScorecard
securityscorecard@10fold.com

First published on Mon, Aug 5, 2024
