Third-party security risks overlooked
Over half of firms failing to check supplier credentials
Some 55 per cent of firms are leaving themselves vulnerable to attack by failing to ensure the security credentials of third-party suppliers, according to research published this week.
The Ernst & Young Global Information Security survey says while many firms are spending more on security compliance, they are not ensuring their business partners have similar policies.
Richard Brown, the report’s author and head of security risk services at Ernst & Young, says over the past two years firms have made little or no effort to address third-party risk.
‘A security breach in a third-party partner could be enough to bring an organisation down and businesses will get burned if it does not improve,’ he said.
Sheila Upton, director of technology and security risk services at Ernst & Young, said: ‘You need to assess the risk yourself because it is your customers, your data and your business at risk. A formal approach to this and recognising it as a cross-business issue is vital.’
The report coincides with vendor Cisco’s annual global security study, which says 41 per cent of companies expect to increase their security spending by at least 10 per cent next year.
Some 38 per cent of IT decision-makers surveyed said they have seen increases in security-related helpdesk calls about virus attacks, phishing, identity theft and hacking.
Companies are placing more emphasis on reporting security incidents, says Phil Cracknell, president of the Information Systems Security Association UK.
‘There has been a big push in policy around how to notify the helpdesk so that firms can take account of how many incidents are taking place,’ he said.