Hosting & Domaining Forum

Topic started by: Seattle on Feb 01, 2023, 05:31 AM

Title: US Defense Contractors Failing on Security Standards
Post by: Seattle on Feb 01, 2023, 05:31 AM
Nearly 90% of contractors in the US defense industrial base (DIB) do not meet required security standards, as per a recent report.

This poses a significant threat to national security due to the sensitive nature of information held by defense contractors and the constant risk of state-sponsored hacking operations.

The research was conducted by CyberSheath, a cybersecurity compliance service provider, using the Supplier Risk Performance System (SPRS). The Pentagon supply chain evaluation revealed that only 11% of surveyed contractors were able to meet the minimum score of 70.

This poses a clear risk to national security and indicates several areas where contractors are non-compliant. These include the use of foreign cybersecurity services, the absence of vulnerability management systems, multi-factor authentication systems, endpoint detection and response solutions, and security information and event management systems.

Title: Re: US Defense Contractors Failing on Security Standards
Post by: JeniAnderson on Apr 20, 2023, 11:36 AM
The significance of supply chain security cannot be overstated, especially with the rise of multinational supply chains where weak links can pose serious risks to both smaller and larger enterprises alike. One instance that demonstrates how vulnerable supply chains can be is the cyberattack on Maersk, which goes down in history as the most destructive cyberattack ever recorded. This attack disrupted the global IT network of the world's largest container shipping company.

As supply chains become more reliant on technology, their exposure to cyber threats increases significantly, necessitating that measures be implemented to mitigate these risks effectively.

It used to be that physical threats like terrorism and theft were the primary concerns for supply chain security. But now, information security threats must also be taken seriously, given the increasing use of cloud solutions for supply chain management, which can pose additional difficulties and security risks if not managed effectively.

Therefore, it is crucial for companies to adopt measures that combat both physical and information security threats to ensure the resilience and robustness of their supply chains. Without doing so, they risk significant disruption to their operations, reputation, and bottom line.