BlueVoyant urges PH businesses to fortify supply chain risk management and resilience


BlueVoyant, a rock-solid cyber defense platform company converging internal and external security, is helping more Philippine organizations enhance their cybersecurity posture. The company’s in-country growth has been fueled by helping businesses rapidly identify and mitigate cyber vulnerabilities in their third-party ecosystems with a robust third-party cyber risk management solution.

Third-Party Cyber Risk Management is now the standard in cybersecurity, especially for companies with extensive supply chains and various external partners. Designed to provide advanced and comprehensive cybersecurity protection for corporations, BlueVoyant is the only company that provides end-to-end vendor risk monitoring in the Philippines. 

“BlueVoyant is at the forefront of delivering unparalleled cyber defense capabilities that help protect businesses’ data, infrastructure, customers, and employees from cyberattacks,” said Tal Blaustein, BlueVoyant International’s chief operating officer. “Redefining how businesses understand and address their cyber risk environments is a core focus for BlueVoyant, especially when it comes to third-party risks posed by their supply chain.”

BlueVoyant converges end-to-end cyber defense capabilities into a single, unified platform called BlueVoyant Elements for some of the world's most critical organizations. Elements plays a crucial role in helping organizations monitoring their networks, attack surfaces, and supply chains while taking action to mitigate threats.

Understanding the Supply Chain Cyber Risk Landscape

According to a recent survey by BlueVoyant, 97% of companies say they have been negatively impacted a cybersecurity breach in their supply chain in the past 12 months; and 38% said they have no way of knowing when or if an issue arises with a third-party supplier’s cybersecurity.

In the Philippines, the financial sector is one of the most prevalent targets for cyberattacks, such as phishing attacks, scam calls, and data breaches, often resulting in severe financial losses, reputational damage, breach of compliance, and other legal liabilities.

“Looking at the cyber threat landscape of the Philippine market, our analysts at BlueVoyant have observed several threat actors who are searching for other threat actors called callers. Callers are those who disguise themselves as a bank employee to call victims whose bank accounts are partially compromised, so they can obtain the missing details for the account takeover,” shared Arleen Asuncion, BlueVoyant Philippines country manager.

These threat actors are usually looking for callers when they intend to cash out compromised bank accounts or compromised credit cards. They usually have a copy of the victim's bank account details, and the caller is essential to completing the final part of the account takeover. 

While Philippine organizations have started to shore up their cybersecurity to thwart threat actors, many continue to face challenges, including resource constraints, scalability, issues with dealing with unresponsive suppliers, and blind spots around emerging risks.

“It has become glaringly clear that the vendor, partner, and supplier ecosystem is now the attack surface of threat actors,” Blaustein said. “One of the most pressing concerns in this regard is that more companies are creating more risk by putting more of their data into third-party applications. This risk is perhaps distributed among a thousand other vendors, partners, and suppliers.”

Strengthening Third-Party Risk Management and Resilience

At a time when cyberattacks are increasing in frequency, vector, and complexity, businesses are tapping other companies to access the services and support they need. However, protecting these ecosystems can be extremely challenging.

With BlueVoyant’s extensive attack surface management and vulnerability identification capabilities, Philippine businesses and their third parties can resolve new critical issues at lightning speed — enabling fast resolution of zero-day vulnerabilities. 

“Given the frequency and severity of today’s third-party breaches, it is more important than ever for Philippine businesses to protect their supply chains by putting the right contractual provisions in place, understanding the risks, delivering real-time monitoring, operationalizing data, and securing resources that remediate supply chain vulnerabilities,” said Asuncion.

BlueVoyant urges organizations to set agreed-upon risk tolerance thresholds and apply different tolerances for various suppliers, depending on the access they have to data and their impact on the overall operations. Contracts should also clearly explain the procedure for identifying and mitigating risks that could compromise security.

“To gain visibility into the risks across their supply chain, we make sure that businesses operationalize their data for improved visibility and maximized value,” Blaustein said. “There must be a team who will curate findings for priority and accuracy, ensure remediations are implemented, and regularly monitor the whole third-party ecosystem.” 

According to BlueVoyant analysts, it is critical for enterprises to take a proactive defensive posture of rigorous monitoring of the supply chain, making sure all vendors, partners, and suppliers are flagged when they are insufficiently protected. Doing so will help remediate critical vulnerabilities before any cyberattacks can occur.

“By combining cutting-edge technology, unrivaled data analytics, and global expertise, we at BlueVoyant are dedicated to offering comprehensive supply chain cyber risk identification, prioritization, and remediation services that help safeguard companies throughout their supply chains,” Blaustein said.