Securing the digital value chain

In a recent ServiceNow/ThoughtLab survey on innovation, more than half of respondents reported significant progress modernizing IT systems. A quarter made similar progress automating workflows, improving processes, and harnessing AI, the cloud, and the IoT.

However, our research on cyber risks shows that more than 40% of respondents fear their cybersecurity efforts are not keeping pace with their digital transformations. Two-thirds report that remote work has exacerbated risks. Almost half say an increase in vendors and suppliers has created new vulnerabilities.

In its list of best practices for managing supply chain risks, the National Institute of Standards and Technology emphasizes that every department, from product marketing to engineering to human resources, should run their own risk assessments and security tests on vendors and partners. Due to a severe shortage of tech talent, most companies don’t have enough security professionals to do this work.

To augment these understaffed teams, organizations need an integrated system that facilitates collaboration with vendors, triages vulnerabilities, and uses AI to anticipate threats. One such system is from MITRE, a nonprofit research firm that works with the U.S. federal government. The company developed a predictive tool that can identify bad actors across the internet. Such tools can replace human security analysts, or be used to help security teams identify threats.

To secure their value chains, companies must rethink and prioritize their approaches to security, says Karl Klaessig, director of product marketing for security operations at ServiceNow. “In the 21st century, no corporate board should make a serious decision without discussing it with legal, finance, and also cybersecurity,” he says.