Page 228 - Cyber Defense eMagazine Annual RSA Edition for 2024
Secondly, and to make matters even worse, the sharing of credentials is impossible to prevent. This is
compounded when an employee works with multiple suppliers or switches to a rival firm. Employees
could leave a role and take their credentials and sensitive information with them, leaving their
ex-employer open to attack if their credentials are compromised.
Any weakness in the supply chain affects all the organisations involved, small or large. In fact, smaller
organisations are often targeted as they have a weak cyber security setup, and the criminals use those
smaller companies as a gateway to the bigger fish.
The recent breach at the Bank of America was a prime example. The Bank of America, with its ample
resources, can employ a Chief Information Security Officer to establish and maintain a security
infrastructure. However, the breach came from their much smaller bank service provider, Infosys
McCamish Systems, who may not have the same reserves. As a result, the names, addresses, dates of
birth and even social security numbers of people whose accounts were serviced by the Bank of America
were exposed.
Even with robust cyber-security measures, vulnerable suppliers or third-party providers can serve as
gateways for hackers to circumvent established security protocols. Such breaches have the potential to
inflict catastrophic damage.
Don’t forget that there are other players in the supply chain, too, such as legal and consulting firms. For
them, cyber security is at the bottom of the pile when it comes to issues that need prioritising and, as a
result, they provide an easy route into the supply chain for malicious actors.
Businesses are relying on insufficient cyber security solutions
Many businesses, both large and small, have implemented Multi-Factor Authentication (MFA) to address
cyber security weaknesses. In fact, IDEE’s own research, which surveyed five hundred IT and cyber
security professionals within UK businesses, found that 95% have deployed some form of MFA. The real
issue is that 50% of those users described their MFA solution as only ‘somewhat effective’.
On top of that, if you want to deploy MFA across the entire supply chain, you will need to ask every person
involved in the service to manage two devices. This is not only expensive, it actually adds more
problems than it solves. The already overworked IT department now has to manage more users and
more devices. It doesn’t end there. These devices require updates and use different operating systems,
increasing complexity and introducing more attack vectors.
If, for some reason, a business still decides to use first-generation MFA, that MFA cannot prevent
credential phishing or adversary-in-the-middle attacks.
Another fallible option is to hand out USB keys in an attempt to add an extra layer of cyber protection.
However, if these keys are lost or damaged, they cannot be recovered, ultimately leaving the door wide
open to a fallback on insecure credentials: passwords. The only layer this method realistically
adds is to the business's financial expenditure.