Cyber Supply Chain

John McCumber

Cyber security has moved past the boundary of your organization and has become a supply chain issue. Recent studies by Ponemon Institute show that 59% of companies today claim they have experienced a data breach caused by one of their vendors or third-parties. This is up from 56% the year before and 49% the year before that. In their Q2 2019 Incident Response Threat Report, Carbon Black claims that 50% of attacks now involve attackers using a compromised network to attack other partner networks in the cyber supply chain, a term they call “Island Hopping”. The problem is real, and it is growing as cyber supply chains increase in size and importance.

Many upstart Canadian cloud service providers are offering innovative products and technologies, but Government agencies and large businesses are hesitant to adopt them out of the belief that small and medium sized businesses are more likely to be compromised by a threat actor, due to perceived less sophisticated cybersecurity defenses, smaller budgets, and fewer skilled resources. But, is this actually the case? Can small business have cyber security measures in place that not only meet, but exceed the security found in large enterprises?

In this session presented by Intrinsec Security, John McCumber, Director of Cybersecurity Advocacy for (ISC)2, will answer the question of whether small businesses are the largest risk to supply chain cyber security. He will discuss recent findings from new research from (ISC)² that was gained by surveying over 700 cyber security decision makers from large and small businesses alike. In the end, John will help to dispel the myth of whether or not business size matters in relation to cybersecurity responsiveness.