Panorays, a leading provider of third-party security risk management software, has today identified the top five most common cyber gaps among third-party organizations over 2021. Analyzing data gathered from cyber posture evaluations of tens of thousands of vendors across various industries, Panorays pinpointed "compromised credentials" as among the most common issues impacting supply chain security, with 44% of companies affected.
Other common cyber gaps this past year include:
Significant web assets not protected by Web Application Firewalls (WAF) (48% of companies affected)
Unpatched web servers with severe vulnerabilities (37% of companies affected)
Vulnerable default CMS configuration (33% of companies affected)
Insufficient security team personnel (33% of companies affected)
While it maintains a position in Panorays’ Top 5 Cyber Gaps list, the patching cadence of web servers is improving. Indeed, unpatched technologies impacted over half of companies (52%) in 2019, compared to 40% in 2020 and 37% today. Meanwhile, failure to implement basic protection for websites and apps through WAF has remained consistent over the years. The costs of doing so, as well as the difficulty of configuring and maintaining WAF, could be to blame. Finally, the results indicate that insufficient security team personnel continues to be a problem, as the percentage of companies impacted has risen slightly from 31% to 33% since 2020.
“It is reassuring to see security teams taking greater initiative to patch their servers in a timely manner, and it’s a trend we hope to see continue in the years to come, particularly in light of the recent Log4j disclosure. Nevertheless, we still have a ways to go in safeguarding our supply chains. The persistence of cybercriminals, an expanding set of security responsibilities tied with a shortage of talent, makes for a perfect storm,” said Giora Omer, Chief Architect at Panorays, who authored the report.
“Yet the silver lining is that most of the common issues that crop up time and again simply require companies to follow basic cyber hygiene and best practices. The challenge that comes with tackling cyber gaps in the supply chain is not necessarily the issue itself, but the abundance of issues that make it difficult for the organization and partners to keep track.”
Panorays addresses the challenge of visibility by combining automated, dynamic security questionnaires with external attack surface assessments and business context to provide organizations with a rapid, accurate view of supplier cyber risk. The company further enables easy collaboration between companies and suppliers through in-app engagement tools.