Cybersecurity Report: Half of Organizations’ Global Supply Chains Compromised by Ransomware Attackers

The supply chains of more than half of global organizations have been hit by a ransomware attack, yet less than half share intelligence about the hijacks with their suppliers or customers, a new Trend Micro report found.

In addition, nearly eight in 10 organizations believe that cyber weaknesses of their partners and customers have made them a more attractive target for ransomware attackers. But only 25% share threat information with their partners, including managed security service providers (MSSP) and managed service providers (MSP) partners.

Threat Intelligence Sharing Problematic

In a survey of more than 2,900 IT decision makers worldwide, Trend Micro found that the problem is exacerbated by less-secured small- to medium-sized businesses comprising a large portion of the supply chain for roughly half of these organizations.

The absence of threat information sharing among organizations, their supply chain customers and partners becomes even more critical when seen in the backdrop of the high profile SolarWinds and Kaseya attacks, both of which featured compromised MSPs.

Among organizations that had experienced a ransomware attack in the past three years, 67% said their attackers contacted customers and/or partners about the breach to force payment, Trend Micro said.

"Many aren't taking steps to improve partner cybersecurity,” said Bharat Mistry, Technical Director at Trend Micro. “The first step towards mitigating these risks must be enhanced visibility into and control over the expanding digital attack surface."

Low Detection Rates for Ransomware Infections

Part of the issue of poor communication may be that organizations don’t have critical information in the first place. For example, according to the study’s data, detection rates were low for ransomware infections, including:

Trend Micro issued a warning and call for change in it's report: