A study published by NCC Group shows what companies should pay attention to when preventing cyber-attacks.
The global chip shortage is not the only thing currently affecting supply chains around the world. New research from NCC Group shows that the number of cyber attacks on these supply chains increased by more than half (51%). With attacks on the rise during this period, it is more important than ever for organizations to reduce the risk their supply chains face to avoid being attacked.
The survey of 1,400 cybersecurity decision-makers found that 36% said they are more responsible for preventing, detecting and resolving supply chain attacks than their suppliers. Just over half (53%) said their company and its suppliers are equally responsible for supply chain security.
“Many organizations work closely with their suppliers by integrating them into their infrastructure to increase efficiency and strengthen operations, but doing so can increase their cyber risk by increasing their potential attack surface,” said Arina Palchik, global commercial director of remediation at NCC Group. “Security gaps in supply chains can lead to the leakage of customer data and serve as entry points for ransomware attacks, and our latest research suggests that hackers are increasingly targeting organizations through their suppliers, with attacks rising 51% in the last six months of 2021.”
Why cyber-attacks are increasing in the supply chain
Part of the responsibility lies with the organizations themselves. Nearly half of organizations do not set security standards for their suppliers, and a third do not regularly monitor or risk-assess their suppliers’ cybersecurity arrangements. Because of these gaps, only one in three companies surveyed is confident that it can respond quickly and effectively to a supply chain attack when the need arises. Only 34% of security decision-makers said they would classify their organization as “highly resilient”, indicating the need for faster response times and better frontline security to avoid being attacked.
With the number of supply chain disruptions on the rise, many of the respondents recognize that the problem will persist. Respondents cited third-party and supplier risk as a major challenge for the next six to 12 months, and it’s easy to see why. The chip shortage isn’t expected to make things any easier either, as global supply chains for items ranging from computer chips to consumer goods could face shortages for up to another two years.
For enterprises, this disruption creates a host of cybersecurity risks and problems, in addition to operational ones. One example is the Log4j security vulnerability, which showed how difficult it can be to track and fix security vulnerabilities across a supply chain.
Steps Companies Can Take to Prevent Attacks
On the positive side, companies are realizing that supplier risk is one of their biggest challenges and are taking action to address it. Security decision-makers surveyed agreed that security budgets were expected to increase by an average of 10% by 2022 to help prevent risks to supply chains around the world.
“It’s encouraging that organizations are recognizing supplier risk as one of their biggest challenges for 2022,” Palchik said. “However, our findings revealed specific areas for improvement, including clarity about accountability for attack prevention, detection and remediation and lax vendor warranty checks. It’s important that any security investment addresses these areas to reduce third-party risk and enable organizations to work with their suppliers in confidence.”
Beyond the budget itself, the following areas are expected to be the focus of companies in the coming year:
- Threat detection and response
- Cyber security ratings and reviews
- Security awareness and training for employees
- Training and testing of both infrastructures and applications
NCC Group notes that taking the steps above and allocating the necessary budget to them could be critical in detecting, preventing and responding to a malicious attack in the future. Reducing the risk inherent in supply chains could mean substantial savings in the future, not only in time, but also in revenue.