Avetta®, a provider of supply chain risk management software, announced the launch of the Cyber Risk Solution, providing a quantitative score that evaluates cyber health in ten areas and delivers an aggregate grade for each supplier. The Avetta One feature offers a diagnostic cyber health check that identifies potential risk areas for companies to investigate further.
Why is Avetta’s Cyber Risk Solution a timely product?
Supply chains are particularly vulnerable to cyberattacks, as suppliers, contractors and vendors tend to have less mature IT and security functions. Consider this:
- Almost half of small businesses have been victims of cyberattacks.
- Gartner predicts 45% of global organisations will be impacted by a supply chain cyberattack by 2025.
- A total of 108.9 million global accounts were breached in the third quarter of 2022, a 70% increase. Indonesia, one of Australia’s most important bilateral partners, is in the top five for breaches.
- IBM found 75% of organizations have had a ransomware attack – 64% paid the ransom and 40% failed to recover their data.
- Two out of five Australian companies have seen an increase in cyber ransom demands. Australia may ban the payment of cyber ransoms after a consumer lender received a demand and 7.9 million Australia and New Zealand driver’s license numbers were stolen.
Australia Senior Minister Clare O’Neil said the country faces a “dystopian future” from cyberattacks and that the breaches involving Medibank, Optus and Latitude were just the “tip of the iceberg”. Cyberattacks can cause debilitating business disruptions involving stolen data, locked systems, interrupted operations, and other problems throughout a supply chain. These attacks are also incredibly high profile and can put a company’s reputation at risk.
The Cyber Risk Solution is the latest component of Avetta One, a comprehensive supply chain risk monitoring platform. The new feature provides instant visibility into the cyber health of a company’s full supply chain, including continuous monitoring that alerts customers when the risk score falls outside of an acceptable range. Global customers can use it as a diagnostic tool to gain insight into third-party cyber risks and inform sourcing decisions.
What does the solution mean for the industry?
“Suppliers and contractors are often an overlooked cybersecurity risk, but supply chain cyberattacks are increasing and can have devastating consequences. Avetta’s solution transforms the supply chain risk management landscape by offering a comprehensive way for businesses to constantly monitor all third parties for safety, financial health, ESG and now cybersecurity,” commented Taylor Allis, Chief Product & Marketing Officer at Avetta.
Avetta’s solution can identify potential risks that could lead to an attack, making it a critical part of understanding holistic supplier and contractor risk. For example, a supplier with an F rating is seven times more likely to be a victim of a breach than one with an A rating.
A procurement leader at a large transportation company said the Cyber Risk Solution’s reporting capabilities are “fantastic”, adding, “I can get a clear picture into the suppliers that have a cybersecurity risk and am able to drill down into specific issues easily.”
The feature can be used by all companies, but is particularly relevant to companies with large dependencies on supply chains for operations and delivery due to the magnitude of a potential business interruption from a cyber incident. Power generation and utility firms can be especially vulnerable because power outages or service interruptions impact consumers.
How effective is Avetta’s Cyber Risk Solution?
Avetta’s Cyber Risk Solution is powered by SecurityScorecard, the security ratings, response, and resilience firm. It provides actionable insights for more than 12 million organisations so users can know who to trust, quickly respond to cyber risks and strengthen cyber defenses.
“While more organisations today are aware of the cyber risks they face, we find that many still neglect the massive cyber vulnerabilities in their extended supply chain. Organisations need visibility into the security ratings of their entire third- and fourth-party ecosystem so they can know in an instant whether a firm deserves their trust and can take proactive steps to mitigate risk,” said Alex Rich, Vice President, Strategic Alliances at SecurityScorecard.
“With this partnership, Avetta is helping their clients get simple visibility into those third-party risks to protect their data and the smooth flow of operations,” Alex Rich further commented.
SecurityScorecard’s patented rating technology is used by more than 25,000 organisations for enterprise risk management, third-party risk management, board reporting, due diligence, cyber insurance underwriting and regulatory oversight. Clients can share suppliers’ Cyber Risk Scores with any of their suppliers so they can understand their cyber gaps and enact mitigation and corrective action plans to reduce potential supply chain cyber threats.
To learn more about Avetta, visit the website.
What is the wider industry context of this product launch?
In today’s interconnected world, supply chain cybersecurity is more important than ever. A single security breach at a supplier can have a devastating impact on an organization’s operations, finances, and reputation.
Types of Supply Chain Cybersecurity Risks
There are many different types of supply chain cybersecurity risks, including:
- Data breaches: Data breaches can occur when a supplier’s systems are hacked, resulting in the theft of sensitive data such as customer information, financial data, or intellectual property.
- Malware attacks: Malware attacks can be used to disrupt or disable a supplier’s systems, or to steal data.
- Supply chain sabotage: Malicious actors may attempt to sabotage a supplier’s operations, such as by disrupting their supply chain or damaging their equipment.
How to Mitigate Supply Chain Cybersecurity Risks
There are a number of steps that organizations can take to mitigate supply chain cybersecurity risks, including:
- Implementing strong cybersecurity measures: Organizations should implement strong cybersecurity measures at their own facilities, including using strong passwords, implementing multi-factor authentication, and regularly patching software.
- Working with suppliers to improve their cybersecurity: Organizations should work with their suppliers to improve their cybersecurity practices. This may include sharing security best practices, conducting security assessments, and requiring suppliers to implement certain security measures.
- Monitoring the supply chain for risks: Organizations should monitor their supply chain for potential risks, such as news reports of security breaches or attacks.
- Being prepared for a cyberattack: Organizations should have a plan in place to respond to a cyberattack, such as a data breach or malware attack.
Conclusion
Supply chain cybersecurity is a complex issue, but it is one that organizations cannot afford to ignore. By taking steps to mitigate supply chain cybersecurity risks, organizations can help to protect their operations, finances, and reputation.
In addition to the above, here are some additional tips for improving supply chain cybersecurity:
- Use a risk-based approach: When assessing and mitigating supply chain cybersecurity risks, it is important to take a risk-based approach. This means focusing on the risks that are most likely to occur and that would have the most significant impact on the organization.
- Be proactive: Organizations should be proactive in their approach to supply chain cybersecurity. This means taking steps to prevent security incidents before they occur, rather than simply reacting to them after they happen.
- Continuously monitor and improve: Organizations should continuously monitor their supply chain cybersecurity posture and make improvements as needed. This is an ongoing process that requires regular attention.
By following these tips, organizations can help to improve their supply chain cybersecurity and reduce their risk of a security incident.
Gerald Ainomugisha is a business news reporter and freelance B2B marketer with over 10 years of experience in writing high-converting copy and content for businesses of all kinds, especially SaaS providers in the niches of HR, IT, fintech, eCommerce and web3. Since joining Upwork in 2012 (back when it was still eLance), Gerald A. has delivered great results for hundreds of clients, maintaining a 98% Job Success rate as well as 5+ years of Top Rated Plus rating (and Premium Writers Talent Cloud membership). Book a meeting with Gerald A. today to get the powerful SEO content you need!
