FAQs: Cyber risk scoring in supply chains
Cyber risk is increasing significantly, with adversaries looking to exploit…
But that doesn’t make the cyber perils permanently facing businesses everywhere any less important.
According to the 2022 Allianz Risk Barometer, published a few weeks before the invasion, cyber incidents were already the biggest cause of concern for businesses, selected by 44% of 2,650 respondents across 89 territories.
This was ahead of factors like business interruption (42%), natural catastrophes (25%) and even the Covid-19 pandemic (22%) and climate change (17%).
Other recent studies touch on the reasons for such high levels of concern. Weekly corporate cyber-attack attempts grew by 50% in 2021 compared to 2020. In addition, 47% of businesses indicated that cyber security attacks had caused work interruptions and/or production downtime in affected departments during the year. And, what’s particularly alarming, just 7% of corporate networks are estimated to be secure against attack.
Not only that, the impact of an attack can be massively costly and long-lasting for the victims. According to the World Economic Forum’s Global Cybersecurity Outlook 2022, the average cost of an attack to an organization is US$3.6 million, while it takes an average of 280 days to identify a cyber-attack and fully restore business continuity.
No organization or sector is safe. It emerged in February 2022 that News Corp, the world’s biggest media company, had identified a data breach targeting Wall Street Journal reporters that had been ongoing for close to two years. Also in the US, NVidia, America’s biggest microchip company, was hit by a cyber-attack in February that saw parts of its organization taken offline for two days.
It’s not just businesses that are at risk. Again, in February, the Canadian government’s foreign affairs department was subjected to an attack on its internet-based services. And in Switzerland, humanitarian charity The Red Cross suffered an attack that has compromised the security of information on 550,000 vulnerable people.
For some companies, getting the right defenses in place is even more urgent than it is for others. Those with diverse and growing international and digital supply chains face additional threat. Your organization’s security is only as strong as its weakest point, and the complexity of so many business ecosystems today is making it all too easy for predators to find vulnerabilities.
This is why so many attacks start with a company in the supply chain, through suppliers with access to the company network or via any data they might hold – on you or your customers. And today, with many employees still working remotely, the number of these weak points is massively increased.
There are many different cyber threats, with major differences between those that businesses fear most and those that cause cyber experts to lose most sleep. While businesses see ransomware and social engineering as the biggest threats, cyber leaders are most concerned about the potential for infrastructure breakdown and identity theft.
There’s a danger this difference between the views of business and those of the specialists could cause a damaging loss of focus that dilutes the effectiveness of companies’ cyber-protection and risk-management activities.
So it’s time to close the gap between the views of cyber experts and business leaders in a way that uses accurate vulnerability assessments and effective cyber-resilience strategies to present a united front against threats.
That’s where partnering with Achilles comes in. First, we make any gap between the views of your business and your cyber leaders entirely irrelevant by providing the right safeguards at every point.
Next, we not only collect and verify data on all your suppliers, we also audit them regularly to ensure that every part of their operations is as secure as it should be.
And now we’ve taken this a unique stage further, partnering with Orpheus to provide cyber-risk scoring on suppliers to give you advanced cyber intelligence on how likely a supplier is to be targeted by cyber criminals. This service gives you actionable advice on how to mitigate any issues, using our extensive threat-intelligence experience to identify precisely what cyber-attackers are looking for and what they will try to exploit.
In fact, peer reviews show our machine learning is at least 94% accurate when predicting future threats, giving you access to the Orpheus Cyber Risk Rating, which details exactly what you should be doing to reduce risk. And, by offering a hacker’s perspective, we ensure you get the sensitivity and adaptability needed to minimize risk at every point.