Tech professionals have little confidence in supply chain security

According to an IT governance report from ISACA, an association of technology professionals dedicated to the support and sponsorship of various systems and certifications for carrying out control and audit activities in technological systems, technology professionals are not very confident that the supply chain is secure. In fact, according to the data collected in it, only 44% of IT professionals are very confident in their own company.

In addition, 30% say that the leaders of their organizations do not have a sufficient understanding of the risks that lurk in supply chains. They do not seem to have much confidence that the situation will improve in the future either: 53% of those surveyed believe that supply chain problems will remain the same, or even worsen, in the next six months.

The report is based on a survey of 1,300 IT professionals with information on supply chains, of which 25% indicated that their organization suffered a supply chain attack in the last 12 months. It also reflects their main concerns about supply chain risks. Thus, 73% point to ransomware as their main concern regarding the supply chain, another 66% to poor information about vendor security practices, and 65% to security software vulnerabilities.

Another 61% are concerned about the risks that third-party data storage can pose to the supply chain, and 55% about third-party service providers with physical or virtual access to information systems, software source code, or IP addresses.

In terms of taking action, 84% of those surveyed say that their organization’s supply chain needs better governance than it currently has. Almost 20% point out that the advice process of their providers does not include advice on cybersecurity or privacy. In addition, 39% of respondents indicate that they have not developed incident response plans with suppliers in the event of a cybersecurity incident.

In addition, 60% have not coordinated or practiced supply chain-based incident response plans with their suppliers. And another 49% answered that their organizations do not perform supply chain vulnerability scanning or penetration testing.

According to John Pironti, member of the ISACA Emerging Trends Working Group, “Managing supply chain security risks requires a multi-pronged approach, which involves regular cybersecurity and privacy assessments, as well as the development and coordination of incident response plans. In both cases, in collaboration with suppliers. Developing strong relationships with your organization’s vendors, as well as establishing active communication channels, is a key part of ensuring that reviews, information sharing, and issue mitigation occur smoothly and effectively.”
