New research indicates that software supply chain attacks are becoming an increasingly effective method for cybercriminals to compromise large organizations and disrupt their IT infrastructure.
A report by BlackBerry revealed that a significant majority (74%) of companies have received notifications of attacks or vulnerabilities in their software supply chain within the past year.
As the risk of such attacks grows, companies are ramping up their efforts to mitigate it. The report highlighted that over half (54%) of the surveyed companies have implemented data encryption, and nearly half (47%) are regularly training their staff on cybersecurity. Additionally, 43% have deployed multi-factor authentication (MFA).
Despite these efforts, most IT leaders (68%) believe that their software suppliers' cybersecurity policies are at least as strong as, if not stronger than (31%), their own. Nearly all respondents (98%) expressed confidence in their suppliers’ ability to identify and prevent the exploitation of vulnerabilities.
A software supply chain attack essentially turns a software supplier into an unintentional Trojan horse for the targeted organization. As enterprises have enhanced their cybersecurity measures, direct attacks have become more challenging.
However, software suppliers may not have equivalent security standards, making them easier targets for cybercriminals. Once compromised, these suppliers can inadvertently introduce malicious code into the software, granting hackers access to the organization’s systems.
The report also found that operating systems (32%) and web browsers (19%) are the most impactful targets for these attacks.
Organizations that fall victim to software supply chain attacks experience significant consequences, including financial losses (62%), data breaches (59%), reputational damage (57%), and operational disruptions (55%). Nearly 38% of affected companies take up to a month to fully recover.