Many IT decision-makers face a "significant challenge" as they try to secure their software supply chains against cyberattacks, according to a survey from BlackBerry.
Here are the key takeaways from the survey:
- 80% of IT decision-makers said their organization was notified about a cyberattack or vulnerability in its software supply chain in the last 12 months.
- 77% had discovered unknown participants within their software supply chain that they were not previously aware of and had not been monitoring for adherence to critical security standards in the last 12 months.
- A lack of skills (54%) and visibility (44%) were among the biggest factors that prevented IT decision-makers from frequently monitoring their organization's software supply chain.
Most IT decision-makers "have confidence that their software supply chain partners have policies in place of at least comparable strength to their own," BlackBerry VP of Product Security Christine Gadsby. However, a lack of granular detail often exposes software supply chain vulnerabilities that cybercriminals exploit.
How Software Supply Chain Attacks Disrupt Organizations
Among IT decision-makers who reported software supply chain attacks, most noted that these attacks had the biggest impact on their organizations' operating systems and web browsers, BlackBerry indicated.
After a software supply chain attack, survey respondents reported the following issues:
- Significant operational disruption (59%)
- Data loss (58%)
- Reputational impact (52%)
Furthermore, 90% of IT decision-makers said it takes their organization up to a month to recover from a software supply chain attack, BlackBerry's survey revealed.
IT Decision-Makers Want Tools, Government Help
Approximately 71% of IT decision-makers said they would welcome tools to improve inventory of software libraries within their supply chain, according to BlackBerry's survey. In addition, 72% were in favor of governmental oversight to improve the security of open-source software.
Also, 62% of survey respondents noted that speed of communications is "paramount" after a software supply chain attack. Sixty-three percent would prefer a consolidated event management system for contacting internal security stakeholders and external partners. However, only 19% are using this type of system.
Cybercriminals Use Ransomware to Attack Supply Chains
More than half of global supply chains have been hit by a ransomware attack, according to September 2022 research from Trend Micro. Among these supply chains, less than half share intelligence about the hijacks with their suppliers or customers.
Meanwhile, data breaches may be linked to supply chain shortages and rising prices for goods and services around the world, an August 2022 IBM study found. The average cost of data breaches continues to rise as well.
Cybercriminals look poised to continue to explore new ways to attack supply chains in the foreseeable future. As such, MSSPs and MSPs can help global organizations find the best ways to protect their supply chains against such issues.
