Concerns over the shortage of high-quality cybersecurity personnel
Kaspersky's latest research on supply chain risks and trust relationships shows that supply chain attacks have become one of the leading threats to businesses, with one in three organizations affected in the past year.
The shortage of specialized personnel is becoming one of the major barriers to minimizing supply chain risks and risks from trusted relationships. It leaves organizations unable to continuously detect and monitor potential third-party vulnerabilities in their ecosystems. According to a survey in the Asia-Pacific region, the share of businesses facing a shortage of specialized IT security personnel ranges from 34% in Singapore to 57% in Vietnam.
When a security team has to spread its resources across too many tasks at once, supply chain threats are at risk of being overlooked. Many businesses report the same reality, citing the need to balance many different cybersecurity priorities as one of the main barriers. According to surveys, this issue is particularly prominent in countries such as India (54%), Vietnam (48%) and Singapore (47%).
In addition, inconsistency in how cybersecurity posture is assessed and maintained across Asia-Pacific is reducing organizations' ability to monitor the security level of their partners, thereby increasing their exposure to vulnerabilities that constantly emerge in the ecosystem.
Faced with this situation, Mr. Adrian Hia, CEO of Kaspersky Asia-Pacific region, emphasized that only by implementing cybersecurity risk prevention measures throughout the organization and establishing strategic cooperation with suppliers and contractors can businesses minimize supply chain risks and ensure that business operations can recover.
Recommendations
- Apply managed cybersecurity services. For organizations lacking dedicated cybersecurity resources, outsourcing is an effective solution. Services such as MDR or Incident Response can support the entire incident handling process, from threat detection to continuous protection and recovery.
- Invest in cybersecurity training for personnel. Businesses can improve the capacity of their team through advanced courses, in flexible forms such as self-study or direct training. These programs contribute to strengthening professional skills and help businesses be more proactive in responding to increasingly sophisticated threats.
- Carefully evaluate the provider before signing a cooperation agreement. Check its cybersecurity policies, information about previous incidents and compliance with industry security standards. For software and cloud services, additional vulnerability data and penetration test results should be considered.
- Establish cybersecurity terms in the contract. Conduct periodic security audits and ensure that the provider complies with security policies as well as the organization's incident notification process.
- Strengthen cooperation with suppliers on security issues. Strengthen defense capabilities and consider this a common priority for both sides.