Bitsight Explores the Fragility of the Global Supply Chain

Bitsight has explored the cyber risks across global supply chains. Picture: Getty Images
Bitsight’s ‘Uncovering Cyber Risk in the Global Supply Chain’ report tracks more than 61 million digital supply chain relationships

Organisations are grappling with more and more supply chain risks as they navigate an increasingly digital era.

Unfortunately, rapid digital transformation often outpaces risk management strategies, highlighting gaps in visibility and security. What's more, greater reliance on interconnected systems can make operations more vulnerable to data breaches and cyber attacks. 

Cybersecurity leader Bitsight's latest report, Under the Surface: Uncovering Cyber Risk in the Global Supply Chain, explores the interconnectedness of modern businesses and the significant impact cyber risks can have on the supply chain. 

Tracking more than 61 million digital supply chain relationships by analysing 40,000 products, 500,000 organisations and 12,000 providers, the study urges organisations to understand digital supply chain risks and their cybersecurity position.


Ben Edwards, Principal Research Scientist at Bitsight, explains: "Given the current changes in the geo-political landscape, supply chain risks are increasingly important.

"Our research indicates that certain Chinese firms maintain a substantial presence within the US and global digital infrastructure. Understanding these dependencies is a critical step in assessing systemic risk and developing strategies to enhance resilience."

Digging beneath the surface

Bitsight’s report uncovers the cybersecurity risks present in the global digital supply chain that organisations often forget. 

A few providers – many of which have poor security positions – support a large share of global business activity and are key to supply chain resilience. 

Bitsight highlights that risks can escalate in the complex network and dependencies of supply chains, stressing the need for businesses to assess critical supplier risks, map their digital dependencies and take proactive steps to secure their extended ecosystem.

UAE market share compared to global market share (Credit: Bitsight)

Industry and geographic concentration risk

Bitsight points out that certain providers can create hidden vulnerabilities in the global digital supply chain by dominating certain sectors or regions. 

Sector-specific failure points are created when a single provider serves a large share of the companies in one sector. Aptiv Group, for example, serves 54.6% of the aerospace and defence sector, and MeridianLink works with 28.3% of the Credit Union industry.

This indicates that even a minor disruption to one of these companies has the potential to create significant consequences for these industries and their supply chains. 

Meanwhile, some providers have significant influence in certain countries, putting national infrastructures at risk. For example, PowerSchool holds less than 1% of the global education market share but serves 20.4% of the UAE education industry, while Etisalat has 1.14% of the global market share but 76.5% of the UAE market. 

These organisations' immense presence in certain regions or geographies has the potential to create a significant impact in the event of a disruption. 

Security performance in supply chain links 

Bitsight’s report indicates that security performance is critically low in the global digital supply chain. 

Analysing 22 Bitsight risk vectors, the report finds providers perform worse than consumers in 16 categories, such as insecure systems, open ports, torrents and TLS security. 

The firm goes on to emphasise that several of the most widely relied upon providers in the supply chain are some of the worst cybersecurity performers, such as payment processors, SaaS platforms and manufacturers.

Interestingly, Bitsight found a strong link between a provider’s market share and its cybersecurity quality. Providers that suffer from persistent issues, such as insecure configurations and unpatched systems, are found to underinvest in security and lack visibility into their own risk, making them prime targets for disruption.

Average risk vector scores for providers and non-providers in Bitsight's data set (Credit: Bitsight)

What next for supply chain security?

Bitsight’s report stresses the importance of risk management and visibility as supply chains continue to be influenced by rising digital interdependence and complexity. 

Organisations must monitor third-, fourth- and nth-party relationships as supply chains evolve into dense networks rather than linear chains. Providers need to meet higher security standards as cybersecurity becomes increasingly important in supply chain resilience.

Bitsight emphasises that, without proactive oversight to address hidden vulnerabilities, organisations may face large-scale disruptions.




Supply Chain Digital is a BizClik brand.