3347: Bitsight on the Hidden Risks Inside Global Supply Chains

9 snips

Jul 15, 2025

In this engaging discussion, Ben Edwards, a Principal Research Scientist at BitSight with expertise in cybersecurity data, delves into the unseen vulnerabilities in global supply chains. He highlights the misconception that larger tech providers are inherently safer, revealing how complexity can increase risks. The talk also uncovers the reliance on military-linked companies within UK and US supply chains, posing not only cybersecurity threats but geopolitical ones too. Ben emphasizes the crucial role of smaller vendors that, despite being lesser-known, significantly influence various sectors.

Ask episode

AI Snips

Chapters

Books

Transcript

Episode notes

INSIGHT

Size Doesn't Ensure Security

Larger technology providers are not inherently more secure despite their scale.
Bigger organizations face increased attack surfaces, complicating security management.

INSIGHT

UK Supply Chains Are Larger

UK organizations have about 10% larger supply chains than the global average.
This reflects a more advanced digital economy, not necessarily more risk.

INSIGHT

Chinese Military Links in Supply Chains

Around 30% of UK and US supply chains depend on Chinese military-linked companies.
This creates geopolitical and cybersecurity risks with complex disentanglement implications.

Get the Snipd Podcast app to discover more snips from this episode

Get the app

When we talk about cybersecurity, it’s often easy to think in terms of firewalls, passwords, and high-profile breaches. But what happens when the vulnerability isn’t within your own systems but somewhere deep in your third or fourth-tier supply chain? In this episode, I spoke with Ben Edwards from Bitsight about the unseen infrastructure propping up much of the global digital economy and the new risks emerging from it.

Our conversation begins by challenging the assumption that larger technology providers are automatically safer. Bitsight’s research reveals that scale often introduces complexity and a larger attack surface, which can make it even harder to stay secure. In fact, UK supply chains are now around 10 percent larger than the global average, reflecting a more advanced digital economy but also introducing more room for hidden weaknesses.

One of the most sobering parts of the discussion focused on geopolitics. Around 30 percent of UK and US supply chains rely on Chinese military-linked companies like Huawei and China Telecom. That’s not just a cybersecurity concern. It’s a geopolitical time bomb. Ben broke down the ripple effects that potential restrictions or bans could have, including costs, infrastructure overhauls, and widespread operational disruption.

Then there are the “hidden pillars,” smaller vendors like Aptiv and Yardi, which may not be household names but play disproportionately influential roles in sectors like aerospace, education, and real estate. Their obscurity makes them dangerous single points of failure, especially when regional dependencies form without anyone noticing.

The bottom line? End-to-end supply chain visibility remains elusive. Shadow IT, employee workarounds, and a constantly shifting tech landscape mean organizations must approach cybersecurity as an ongoing process, not a checklist. Ben urges companies to continually assess the criticality of their providers and, just as importantly, understand their own role in others’ ecosystems.

If you’re curious about how internet balkanization, AI, and outsourcing are shaping the next phase of cybersecurity strategy, this episode will give you a lot to think about. Y