Date: 2024-11-27

Organizations today connect with more supply chain partners than ever before, a reflection of the distributed and connected environment in which most enterprises now operate. Procurement, as a result, is more automated and streamlined. Yet, even as these procurement processes become simpler, addressing third-party cybersecurity risks has become more challenging.

The risks are significant. Consider the 2023 breach of file transfer software vendor MOVEit, where threat actors exploited vulnerabilities in the software to exfiltrate high-value data from approximately 2,300 public and private commercial entities, at a cost of more than $10 billion. The MOVEit attack was far from unique. Capterra, a technology review site, found that 61% of U.S. businesses experienced supply chain attacks in 2023.

To counter the risks associated with vendors, service providers, partners, contractors and other third parties, organizations must conduct third-party risk assessments before investment and on an ongoing basis.