Supply chain third-party risk escalates

Directors need a clear understanding of the external threat landscape, according to Fabio Fratucello MAICD, Field CTO, International, at CrowdStrike. They need to not only be across global and regional trends, industry-specific risks and adversaries their organisation faces, but to evaluate the security posture of third-party vendors.

ASIC's recent report, Spotlight on Cyber: Findings and Insights from the Cyber Pulse Survey 2023, shows 44 per cent of organisations surveyed do not manage third-party or supply chain risk - a red flag for boards and directors.

Equally concerning are the findings of the small organisations surveyed - 69 per cent of participants had "minimal or no capabilities in third party or supply chain risk management". Almost six in 10 surveyed indicated they do not test cybersecurity incident responses of critical suppliers.

"Boards should ensure their organisations scrutinise whether third parties have modern security solutions in place," says Fratucello.