Tech supply chain concentration is a growing risk
The cybersecurity market is dominated by a few select players such as CrowdStrike. Concentration in cloud hosting is greater still, with Microsoft alone commanding about one-quarter of the global public cloud market. This concentration creates a single point of potential failure at the top of the IT supply chain for thousands of public and private organisations.
The pitfalls of this excessive reliance were painfully exposed during the recent outage.
Organisations must take this vulnerability especially seriously since state and non-state hackers have shifted their focus to the IT supply chain. Top IT suppliers are being targeted by hostile governments looking to steal sensitive information, and by criminals looking to extort ransoms from multiple firms simultaneously. The list of IT suppliers breached for these reasons is long, and notably includes SolarWinds and Kaseya.
Security systems can fail open, where data are made available and risk being misused, or fail closed, where access to the systems, and therefore to the data, is prevented. The impact of the CrowdStrike incident on data confidentiality and integrity is currently uncertain, but reports from the NHS and others have indicated data access issues. While the extent of data loss, whether sensitive or commercially valuable, is unknown, the event may have exposed many organisations to the risk of regulatory penalties and subsequent reputational damage.
Our Chief Product Officer Megha Kumar shared her insight on this important issue on GB News.