According to a survey conducted by Kaspersky Lab and B2B International, businesses are losing confidence in third-party suppliers. The main reason is the increasing number of IT security incidents that they cause. The survey found the average cost of such an incident for Enterprise exceeded $3 million.
The recent survey showed that over a third of companies do not trust their suppliers, with the figure for 2015 standing at 37% – up four percentage points on the previous year (33%). This trend is the same for small and medium businesses as well as large corporations. The principal reason for this loss of faith in suppliers is the fact that they were to blame for 18% of cyber incidents in 2015.
Incidents involving third-party suppliers are no less dangerous for businesses than direct cyber-attacks on a company’s infrastructure. In both cases, the cost of eliminating the consequences is equally high: cyber incidents involving suppliers cost small and medium businesses $67,000 on average, while the figure for large corporations is $3.27 million.
"In order to avoid damages and to ensure secure communication with suppliers, a comprehensive multi-layered approach is required. The first thing to do is to delineate access rights to different areas of the corporate network for different employees. This will help restrict a supplier’s access to the company’s resources. Be sure to find out the details of the supplier’s IT security system and implement rules of interaction that are based not only on efficiency and flexibility but also on security," said Konstantin Voronkov, Head of Endpoint Product Management at Kaspersky Lab.
Kaspersky Lab offers security solutions to protect all segments of the corporate network. For employees’ mobile devices and virtual workstations we have developed special solutions such as Kaspersky Security for Mobile and Kaspersky Security for Virtualization. In addition to our technological solutions, Kaspersky Lab provides training on information security for employees, including how to minimize the risk of incidents when working with third-party suppliers.