The most common cyber gaps threatening supply chain security
Panorays has identified the top five most common cyber gaps among third-party organizations over 2021. Analyzing data gathered from cyber posture evaluations of tens of thousands of vendors across various industries, Panorays pinpointed compromised credentials as among the most common issues impacting supply chain security, with 44% of companies affected.
Other common cyber gaps this past year include:
- Significant web assets not protected by Web Application Firewalls (WAF) (48% of companies affected)
- Unpatched web servers with severe vulnerabilities (37% of companies affected)
- Vulnerable default CMS configuration (33% of companies affected)
- Insufficient security team personnel (33% of companies affected)
Unpatched web servers remain on the list, but patching cadence is improving. Indeed, unpatched technologies impacted 52% of companies in 2019, compared to 40% in 2020 and 37% today. Meanwhile, failure to implement basic protection for websites and apps through a WAF has remained consistent over the years.
The cost of deploying a WAF, as well as the difficulty of configuring and maintaining one, could be to blame. Finally, the results indicate that insufficient security team personnel continues to be a problem, as the percentage of companies impacted has risen slightly from 31% to 33% since 2020.
“It is reassuring to see security teams taking greater initiative to patch their servers in a timely manner, and it’s a trend we hope to see continue in the years to come, particularly in light of the recent Log4j disclosure. Nevertheless, we still have a way to go in safeguarding our supply chains. The persistence of cybercriminals, an expanding set of security responsibilities tied with a shortage of talent, makes for a perfect storm,” said Giora Omer, Chief Architect at Panorays, who authored the report.
“Yet the silver lining is that most of the common issues that crop up time and again simply require companies to follow basic cyber hygiene and best practices. The challenge that comes with tackling cyber gaps in the supply chain is not necessarily the issue itself, but the abundance of issues that make it difficult for the organization and partners to keep track.”