While the WikiLeaks saga is unfolding across the globe, it seems only fitting to take another look at risks in cyber supply chain security.
Unfortunately, though, the news is not at all reassuring, even among organizations that play a vital role in national security.
A new research report, released late last month by the Enterprise Strategy Group (ESG), found that many of the 18 industries designated as "critical infrastructure" by the United States Department of Homeland Security are woefully lacking in cyber supply chain security.
Sixty-eight percent of the critical infrastructure organizations surveyed have experienced at least one security breach in the past 24 months, and 13 percent suffered more than three security breaches in the past 24 months.
Twenty percent of respondents working at critical infrastructure organizations rated the effectiveness of their organization's security policies, procedures, and technology safeguards as either "fair" or "poor."
Seventy-one percent of the critical infrastructure organizations surveyed believe that the security threat landscape will grow worse in the next 24-36 months; 26 percent believe it will be "much worse."
Specifically, the report identifies security weaknesses in IT procurement, software development and inter-organizational sharing of IT systems.
A vast majority (71 percent) of respondents believe that the Federal Government should be more active with cybersecurity strategies and defenses; 31 percent believe that the government should be significantly more active.
What can companies do to mitigate the risk of a cyber supply chain attack that could impact business operations and service delivery to the public?
For starters, companies can institute fundamental cyber security best practices. Apparently, most are not undertaking even the most basic precautions.
"This report highlights that many critical infrastructure organizations can immediately benefit by adopting basic cyber security and supply chain security best practices," said Jon Oltsik, Principal Analyst at the Enterprise Strategy Group and author of the research report.
The full report, Assessing Cyber Supply Chain Security Vulnerabilities Within the U.S. Critical Infrastructure, is available here.