The financial sector remains a prime target for cyberattacks, with attackers constantly seeking to exploit vulnerabilities across the industry's global supply chain. Cyber risk intelligence firm Bitsight has conducted a comprehensive analysis, mapping 41,511 financial organizations and 50,232 relationships with third-party technology providers. The aim is to shed light on the hidden pillars of the financial sector and enhance resilience against cyber threats.[1]
Bitsight's research focuses on understanding the intricate web of relationships between financial organizations and their technology providers. By mapping these connections, the firm aims to identify critical suppliers that could pose significant risks if their cybersecurity measures are inadequate. The study reveals that, too often, the criticality of a supplier is only realized after a cyber incident has occurred. By uncovering these hidden pillars, Bitsight seeks to improve the sector's overall resilience.
Key Findings on Supplier Cybersecurity - The report identifies a shortlist of suppliers with significant market share in the financial sector compared to other markets. Notable examples include Bloomberg and less obvious but equally critical suppliers, such as NICE Group, a building access company. If these critical suppliers have low-performing cybersecurity, they pose a substantial risk to the entire industry.
One surprising finding is that larger financial organizations tend to have a worse security posture than their smaller counterparts. This suggests that size alone does not guarantee robust cybersecurity measures, and larger entities may need to reassess their strategies. The research indicates that many financial sector suppliers are underperforming in terms of cybersecurity. These suppliers often have a lower security posture than the financial organizations they serve, highlighting a potential weak link in the supply chain.
Monitoring & Vulnerability - Bitsight's analysis also delves into the monitoring practices of financial organizations. The report finds that financial organizations monitor only 36.6% of their overall supply chain. This leaves a significant portion of suppliers unmonitored, which is concerning given that these unmonitored suppliers have 2.9 times more critical-level Common Vulnerabilities and Exposures (CVEs) and 2.8 times more Known Exploited Vulnerabilities (KEVs) compared to those that are monitored.
Improving Resilience & Security - The findings from Bitsight's report clearly identify the need for the financial sector to enhance its approach to supply chain cybersecurity. By identifying and closely monitoring critical suppliers, financial organizations can mitigate risks and improve their overall resilience. The report serves as a call to action for the industry to prioritize cybersecurity across its supply chain, particularly with regard to those suppliers that are often overlooked but play a vital role in operations.
Bitsight's comprehensive mapping of the financial sector's global supply chain provides valuable insights into the cyber risks faced by the industry. The report highlights the importance of understanding and monitoring relationships with third-party technology providers, especially those with significant market share or critical roles.
As the financial sector remains a prime target for cyberattacks, proactive measures to enhance supply chain cybersecurity are crucial for maintaining resilience and protecting against potential threats.
This article is shared at no charge for educational and informational purposes only.
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. We provide indicators of compromise information via a notification service (RedXray) or an analysis service (CTAC). For questions, comments or assistance, please contact the office directly at 1-844-492-7225 or feedback@redskyalliance.com
[1] https://www.cybersecurityintelligence.com/blog/critical-cyber-risks-in-the-financial-services-sector--8858.html