Software supply chains are proving easy pickings for cybercriminals

Supply Chain
(Image credit: / TMLsPhotoG)

Software supply chain attacks are proving to be a winning strategy for cybercriminals looking to compromise large organizations and wreak havoc across their IT infrastructure, new research has said.

A report from BlackBerry found the vast majority (74%) has companies had received a notification of an attack, or vulnerability, in their software supply chain in the last 12 months.

As risk grows, so do the enterprises’ efforts to mitigate it, the report further explained. More than half (54%) deployed data encryption, and a similar percentage (47%) is regularly training their staff on cybersecurity. Multi-factor authentication (MFA) has been deployed by 43% of the survey respondents.

Trojan horse

At the same time, the majority (68%) of IT leaders believe their software supplier’s cybersecurity policies are at least comparable, if not stronger than (31%) those they have implemented. Finally, nearly all (98%) of the respondents were confident in their suppliers’ ability to identify and prevent the exploitation of a vulnerability within their environment.  

A software supply chain attack turns a software supplier into an unwitting Trojan horse for the victim organization. Since most enterprises have tightened up on cybersecurity, it has gotten more difficult to break in. However, software suppliers might not have the same security measures, and thus could be easier to compromise. From there, hackers can infect the software with malicious code and open the doors to the kingdom from the inside.

Operating systems (32%) and web browsers (19%) continue to create the biggest impact for organizations, the report concludes. 

Organizations suffering a software supply chain attack feel the sting of financial loss (62%), data loss (59%), reputational damage (57%), and operational impact (55%). Almost two in five (38%) take up to a month to recover. 

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.