Third-party supply chain ecosystems, and the complexity that comes with them, have become as much a challenge for enterprises as an advantage. With organizations increasingly relying on vendors, cloud providers and open-source tools, threat actors are constantly finding new ways to compromise enterprises.
The Cyber Inequity Challenge
Gaurav Keerthi, CEO and founder of security start-up StrongKeep, said this threat landscape has led to what the World Economic Forum calls "cyber inequity," in which large enterprises remain well protected, while smaller ones lag behind in cyber readiness.
"Cybersecurity is unequally distributed. Big enterprises have a lot of it. Small enterprises have none of it. And to some extent, it's a little bit unfair, but they become the targets because the attackers are trying to get after your company through them."
— Gaurav Keerthi, CEO of StrongKeep
Key Discussion Points
In this video interview with Information Security Media Group at the GovWare Conference and Exhibition 2025, Keerthi discussed:
- Governance and procurement controls: Why these can effectively mitigate third-party risk
- Expanding resilience frameworks: How resilience frameworks are expanding beyond technology
- Enterprise collaboration: The importance of collaboration to strengthen the overall cyber landscape
Third-Party Risk
With organizations increasingly relying on vendors, cloud providers, and open-source tools, the attack surface has expanded dramatically. Threat actors are constantly finding new ways to compromise enterprises through their supply chain relationships.
Smaller firms become attractive targets for attackers seeking entry into larger organizations. By compromising a vendor with weaker defenses, attackers can gain access to larger, better-protected organizations — making cybersecurity a collective challenge.
The Path Forward
True resilience extends beyond technology solutions. It requires building security awareness, establishing clear processes, and creating a culture where cybersecurity is everyone's responsibility.
Enterprise collaboration is essential to improve the overall cyber landscape. Larger organizations can support smaller partners through shared resources, training, and accessible security frameworks.