For many years, the hacks that made headlines involved vast breaches from a single company — devastating to the people whose data was exposed, but containable events. Those are fast becoming quaint.
Increasingly, hacks are spreading malware across hundreds or even thousands of organizations by exploiting the security updates for widely-used tools. This shows that companies up and down the enterprise IT supply chain face considerable risk, not just from the vendors, suppliers and partners that companies work with directly — what is called third-party risk — but also from attacks at many degrees of separation. And some businesses may not even be aware that they are vulnerable to this “nth-party risk” — and the consequences may be devastating.
How did we get here?
Companies are eager to integrate the latest enterprise technology into their own IT stacks for ease and operating efficiency. At the same time, they're also embracing the Internet of Things — often without taking adequate cybersecurity precautions. And nearly all businesses these days have subcontractors. For example, a large bank may have 7,000 companies in its supply chain, and those 7,000 may utilize an additional 13,000. And so on. This potent combo exposes entire IT supply chains if even one company in a chain isn't properly protecting itself from cybersecurity vulnerabilities.
How big are the potential losses in supply chain attacks?
The financial damages can dwarf those of single-party attacks. According to RiskRecon, a Mastercard company that helps organizations proactively manage cyber-risks, losses from multiparty attacks can be 13 times larger than single-party incidents, and in extreme cases may be far worse — $16 million on average in single-party incidents vs. $417 million for multiparty hacks. The number of these "ripple events" has increased 20% annually since 2008, RiskRecon found. They impact on average 10 companies beyond the initial target, but in the worst cases, their reach may be far wider — up to as many as 131 downstream firms in the most severe instances.
Click on the button below to read the full article on the Mastercard Newsroom!