The vast majority of businesses are still not reviewing the risks posed by third party technology that they use and rely on, it’s been revealed.
Leading Dorset cyber-security company C3IA Solutions said government statistics show how vulnerable businesses remain. Despite increasing awareness, particularly among medium-sized and larger companies, only about a tenth of all enterprises review supplier risks. Software, apps and other tech can create huge vulnerabilities that hackers can exploit. And without reviewing them, it’s possible the supplied technology won’t work as it is supposed to.
Lucy Dalley, from C3IA Solutions, said:
“With the building of software and systems rapidly evolving, so are cyber-security threats. It is essential that the software we download and use is built with security in mind – as well as doing what it is supposed to."
“The National Cyber Security Centre (NCSC) has created eight principles to help evaluate and improve development practices, which are well worth reading. One further issue is that trust in computers is often absolute. In the same way that calculators’ sums are never questioned, some business leaders have the same trust in everything their computers do."
“But software and apps are programmed by people and they are fallible, and on large projects bugs and gremlins can easily be incorporated. We recommend that when downloading and using third-party applications, it is important to understand if they are protected. "
“Regular vulnerability assessments should be carried out on networks, as should code reviews and assessments, and penetration testing. Penetration testing is when experts attempt to gain access to a system to highlight its weak spots – it’s the same as getting an ex-burglar to try and break into your house."
“The Cyber Security Breaches Survey 2023 report showed that only 11 per cent of organisations carried out penetration testing to identify cyber-security risks. While figures show that cyber-security is better understood as an issue by bosses, there are still far too many organisations that don’t pay enough attention to it."
“Often we get called into a business after it has suffered a cyber-attack, and the results can be devastating. A few tips to keep you as secure as possible include: downloading applications only from approved platforms, deny permissions for non-approved apps, keep apps up-to-date, use antivirus software, enforce mobile device management (MDM) in the workplace, and delete apps that aren’t used."
“And achieving the government’s Cyber Essentials certification gives a basic level of protection as well as providing cyber insurance."
“While the understanding of threats and potential issues with third party software and applications is increasing, it is still not embedded in businesses as it ought to be".
Comments