Large scale data breaches still originating from supply chains1 min read

Another significant data breach mid-December should be a stark reminder to all organisations of the importance of proper cybersecurity measures, especially going into 2021. People’s Energy joined the list of businesses that have been affected by large-scale hacks in 2020, among the likes of Marriot International, easyJet and Experian.

Cybersecurity cannot be a point-in-time, fixed response – as an organisation’s attack surface grows and changes, their cybersecurity measures must adapt in kind. As businesses are increasingly migrating sensitive and critical data and processes onto cloud services, it’s more important than every to conduct regular reviews of cybersecurity policies. These reviews should be in-depth, and must gather actionable information about which measures are working, as well as those that need to be updated.

Additionally, businesses should ensure due diligence with every third-party they are connected with, checking their cybersecurity posture and policies are strong as well. Recent data from the US NIST shows that approximately 80% of cyberattacks originate from third parties. Each third-party inherently heightens an organisation’s risk level, so businesses should be aware of any new threats that broadening their attack surface brings.

Going into 2021, organisations should have a concrete plan to review and update their cybersecurity policies. This can be achieved several ways: by requesting information from third parties to conducting pentests using tools such as CyCheck, for example.

For companies with many suppliers or third parties, the simplest and best way to manage their cyber risk will be by using a tool like CyDesk. CyDesk allows organisations to visualise their digital footprint, and provides them with real-time data on their risk level and cybersecurity posture.

As technology advances, so do cyber criminals. Make sure that you stay one step ahead of would-be cyberattackers by being proactive with your organisation’s cybersecurity measures.