Top Three Takeaways from Bill Palisano
On February 21st, 2019, Lincoln Archives and LACyber President Bill Palisano served as a panelist for the International Cyber Security for Manufacturer's seminar hosted by the World Trade Center of Buffalo. Below are some reflections from Bill on participating in this event:
While updating current statistics relating to cyber defenses, breaches, and threat vectors for manufacturers and supply chain partners, I was shocked by the following current stats:
According to Bomgar/BeyondTrust (www.beyondtrust.com), a leader in secure access solutions, a 2017 survey of 608 IT professionals found:
- On average, 181 vendors are granted access to a company's network in a given week. This is more than double the number from 2016.
- 67 percent have already experienced a data breach that was either definitely (35 percent) or possibly (34 percent) linked to a third-party vendor.
- Two-thirds of respondents said they trust third-party vendors too much.
According to Ponemon Institute’s Data Risk in the Third-Party Ecosystem Third Annual Report, published November 2018 (www.ponemon.org):
- 59 percent of all (US & UK) respondents confirm that their organizations experienced a data breach caused by one of their third parties.
- 42 percent of respondents say they had such a data breach in the past 12 months.
- Only 29 percent of respondents say a third party would contact them about the data breach.
- Only 12 percent are confident they would learn that their sensitive data was lost or stolen by a 3rd Party vendor.
What does this tell us?
- Your vendors and supply chain partners with access to your systems are growing dramatically.
- Your vendors and supply chain partners are definitely being targeted (as ‘softer targets’ w/ access to your systems), and definitely growing as threat vectors. Remember: “a chain is only as strong as its weakest link.”
- Discovering, organizing and managing your 3rd Party Vendors and supply chain partners (Risk!) is Mandatory!
Ronald Reagan had a great adage: “Trust, but verify.” It definitely fits here.
Lincoln Archives is the only family-owned NAID AAA Certified organization in WNY and includes the division of LACyber, providing comprehensive Data Breach Defense Services. Lincoln Archives is proud to be a part of the Lincoln Family of Companies, serving the Western New York Community since 1914.
by Bill Palisano