Author: Risk Ledger – riskledger.com
83% of organisations allow employees to access company data such as email through their mobile devices. This doesn’t sound concerning until you learn that 24% of organisations do not use a password manager to ensure that passwords are complex and 23% of organisations do not enforce multifactor authentication on all remotely accessible services.
These insights have been uncovered by IA Engine Innovator, Risk Ledger, in their recent Supply Chain Risks Insight Report covering the implementation of IT Operations risk controls across the supply chain ecosystem.
Among other insights, the report found that:
- 20% of organisations knowingly run applications or systems that are no longer supported and no longer receive security updates;
- 19% of organisations have not configured their email services to use enforced Transport Layer Security (TLS), leaving their business emails unencrypted during transport; and
- 26% of organisations do not encrypt client data on their IT systems.
Risk Ledger’s award-winning third-party risk management platform, which is used by firms like Schroder’s Personal Wealth and First Sentier Investors, provides the data pipe for organisations to share data about their risk management regime with clients who want to run due diligence assessments against them. Suppliers on the platform include Visa and Mastercard, Okta, Darktrace and all the big four consultancies among the 1000+ organisations signed up.
It is using the aggregated and anonymised data shared on the platform by these organisations that allows Risk Ledger to publish highly informative insight reports that give information security, compliance, and procurement professionals a unique understanding of the risks and trends in the supply chain ecosystem.
The recent operational resilience, outsourcing and third-party risk regulations released by the UK’s finance sector regulators have pushed supply chain cyber risk management to the top of the agenda for regulated organisations.
Join the upcoming ‘Supply Chain Security Risks in the Spotlight’ webinar where an expert panel will review the insights found in Risk Ledger’s recent report and discuss the ‘what next’ question for professionals tasked with managing third-party risks.