The supply chains of more than half of global organizations have been hit by a ransomware attack, yet less than half share intelligence about the hijacks with their suppliers or customers, a new Trend Micro report found.
In addition, nearly eight in 10 organizations believe that cyber weaknesses of their partners and customers have made them a more attractive target for ransomware attackers. But only 25% share threat information with their partners, including managed security service providers (MSSPs) and managed service providers (MSPs).
Threat Intelligence Sharing Problematic
In a survey of more than 2,900 IT decision makers worldwide, Trend Micro found that the problem is exacerbated by less-secured small- to medium-sized businesses comprising a large portion of the supply chain for roughly half of these organizations.
The absence of threat information sharing among organizations, their supply chain customers and partners becomes even more critical when seen against the backdrop of the high-profile SolarWinds and Kaseya attacks, both of which featured compromised MSPs.
Among organizations that had experienced a ransomware attack in the past three years, 67% said their attackers contacted customers and/or partners about the breach to force payment, Trend Micro said.
“Many aren’t taking steps to improve partner cybersecurity,” said Bharat Mistry, Technical Director at Trend Micro. “The first step towards mitigating these risks must be enhanced visibility into and control over the expanding digital attack surface.”
Low Detection Rates for Ransomware Infections
Part of the issue of poor communication may be that organizations don’t have critical information in the first place. For example, according to the study’s data, detection rates were low for ransomware infections, including:
- Ransomware payloads (63%)
- Legitimate tooling, e.g., PsExec, Cobalt Strike (53%)
- Data exfiltration (49%)
- Initial access (42%)
- Lateral movement (31%)
Trend Micro issued a warning and call for change in its report:
“The corporate attack surface is increasingly distributed across an extensive supply chain that spans cloud and software providers, professional services firms and other connected entities. Each one of these may have privileged network access or store sensitive information belonging to client organizations. Each one therefore represents a potential security risk which must be addressed. Yet too often supply chains are nebulous and ill-defined, with controls applied in a reactive and haphazard manner, if at all. This must change.”