The vast majority of businesses are still not reviewing the risks posed by third-party technology that they use and rely on, a cyber security firm has said.

Poole-based C3IA Solutions said government statistics show how vulnerable businesses remain. 

Despite increasing awareness, only about a tenth of all enterprises review supplier risks. 

Software, apps and other tech can create huge vulnerabilities that hackers can exploit, and without reviewing them it’s possible the supplied technology won’t work as it is supposed to.

Lucy Dalley from C3IA Solutions said: “With the building of software and systems rapidly evolving, so are cyber-security threats.  

“It is essential that the software we download and use is built with security in mind – as well as doing what it is supposed to. 

“The National Cyber Security Centre (NCSC) has created eight principles to help evaluate and improve development practices, which are well worth reading. 

“One further issue is that trust in computers is often absolute. In the same way that calculators’ sums are never questioned, some business leaders have the same trust in everything their computers do. 

“But software and apps are programmed by people and they are fallible, and on large projects bugs and gremlins can easily be incorporated. 

“We recommend that when downloading and using third-party applications, it is important to understand if they are protected. 

“Regular vulnerability assessments should be carried out on networks, as should code reviews and assessments, and penetration testing. 

“Penetration testing is when experts attempt to gain access to a system to highlight its weak spots – it’s the same as getting an ex-burglar to try and break into your house.” 

The Cyber Security Breaches Survey 2023 report shows 11 per cent of organisations carried out penetration testing to identify cyber-security risks. 

Lucy said that there are “still far too many organisations that don’t pay enough attention to” cyber security. 

“A few tips to keep you as secure as possible include: downloading applications only from approved platforms, deny permissions for non-approved apps, keep apps up-to-date, use antivirus software, enforce mobile device management (MDM) in the workplace, and delete apps that aren’t used.”