Tech pros have low confidence in supply chain security – TechRepublic

A new report from ISACA finds that 53% of respondents believe supply chain issues will stay the same or worsen over the next six months.
Security threats have heightened the supply chain challenges enterprises have faced over the past two years, and a new ISACA survey report finds only 44% of IT professionals surveyed have high confidence in the security of their organization’s supply chain.
Furthermore, 30% said their organization’s leaders don’t have a sufficient understanding of supply chain risks, and the future doesn’t look much better—53% said supply chain issues will stay the same or worsen over the next six months, according to the report by the professional association, which focuses on IT governance.
The report includes responses from more than 1,300 IT professionals with supply chain insight, 25% of whom noted that their organization experienced a supply chain attack in the last 12 months, ISACA said.
Survey respondents cited five supply chain risks as their key concerns:
“Our supply chains have always been vulnerable, but the COVID-19 pandemic further revealed the extent to which they are at risk from a number of factors, including security threats,” said Rob Clyde, past ISACA board chair, NACD board leadership fellow, and executive chair of the board of directors for White Cloud Security, in a statement. “It is crucial for enterprises to take the time to understand this evolving risk landscape, as well as to examine the security gaps that may exist within their organization that need to be prioritized and addressed.”
When it comes to taking action, 84% indicated their organization’s supply chain needs better governance than what is currently in place. Nearly one in five said their supplier assessment process does not include cybersecurity and privacy assessments.
Additionally, 39% of respondents said they have not developed incident response plans with suppliers in case of a cybersecurity event, and 60% have not coordinated and practiced supply chain-based incident response plans with their suppliers. Nearly half of respondents (49%) said their organizations do not perform vulnerability scanning and penetration testing on the supply chain.
“Managing supply chain security risk requires a multi-pronged approach entailing regular cybersecurity and privacy assessments and the development and coordination of incident response plans, both in close collaboration with suppliers,” said John Pironti, president of IP Architects and a member of the ISACA Emerging Trends Working Group, in a statement. “Building strong relationships with your organization’s suppliers and establishing ongoing channels of communication is a key part of ensuring that reviews, information sharing, and remediations happen smoothly and effectively.”
Pironti outlined some key steps that organizations should take when working to strengthen their IT supply chain security:
“To advance digital trust, there needs to be a level of confidence in the security, integrity, and availability of all systems and suppliers,” said David Samuelson, ISACA CEO, in a statement. “As we have seen from previous incidents, customers do not differentiate between an attack on an element of your supply chain and an attack on your own systems. Now is the time to take swift and meaningful actions to improve supply chain security and governance.”