Less than a fourth of Indian IT managers see supply chain as a security risk, and that’s worrying

The enterprise is reeling with cyber-attacks targeting the weakest links in organizations, thereby leading to supply chain compromises. The real trouble though, is that IT managers are not taking it seriously enough. Sunil Sharma, MD – Sales at Sophos India & SAARC tells us why that’s a major problem.

CSO slideshow - Insider Security Breaches - Weak link breaks among a larger chain in a network
Adventtr / Ivanastar / Getty Images

In a recently conducted survey by Sophos, it was revealed that 27 percent of Indian IT managers identify IoT as a major threat, while 21 percent consider internal staff as the top security risk.

We can live with that – begrudgingly though, but what’s particularly worrisome is the fact that only 24 percent of Indian IT managers consider supply chain as the topmost security risk.

sunil sharma Sophos

"IT managers are downplaying supply chain vulnerability primarily because IT managers consider attacks perpetrated by nation states aim at high profile targets only."
- Sunil Sharma, MD – Sales, Sophos India & SAARC

A quick look at the recent happenings in the cybersecurity space will show a rising trend of targeted attacks on the supply chain in an organization. Cyber-thugs are incessantly looking for entry points into organizations, kicking the tire to check for weakest links. And supply chain has proven to be the easiest way in.

So what could be a reason for IT managers to downplay supply chain vulnerability? Sunil Sharma, MD – Sales at Sophos India & SAARC explains that it’s primarily because IT managers consider attacks perpetrated by nation states aim at high profile targets only.

Key stats from Sophos’ survey

  • 24 percent of Indian IT managers consider supply chain as a top security risk
  • 27 percent Indian IT managers consider IoT threats as a top security risk
  • 21 percent consider internal staff as one of the weak spots that cybercriminals can exploit

They’re not wrong though, nation states had created the blueprints for these attacks. The problem is that once these techniques were made known, cybercriminals started employing these techniques for their sheer ingenuity and success rate.

“Supply chain attacks are also an effective way for cybercriminals to carry out automated, active attacks,” he explains.

So how do we beat them? Sharma believes the key to getting this right is by sensitizing third-party vendors on adopting cybersecurity best practices to keep themselves and their customers protected from cyberattacks.

Copyright © 2019 IDG Communications, Inc.

Get the best of CSO ... delivered. Sign up for our FREE email newsletters!