spot_img
Cyber Security
AI Impact
By: AI Impact

Date:

Share:

Supply chain attacks top list of threats companies suffered over past 12 months

Supply chain attacks top list of threats companies suffered over past 12 months

Supply chain attacks have emerged as the most common cyberthreat facing businesses over the past year, a new Kaspersky global study shows. The findings reveal that nearly every third company globally had to confront a supply chain threat over the past year.

According to recent data from the World Economic Forum, nearly two thirds (65%) of large enterprises indicate third-party and supply chain vulnerabilities as their greatest barriers to cyber resilience in today’s interconnected digital landscape. Kaspersky-commissioned global study[1] examined how these risks are evolving and the extent to which businesses around the world are being exposed.

Kaspersky’s survey showed that 31% of enterprise businesses globally had been impacted by a supply chain attack in the course of the past 12 months, which is more than any other type of cyberthreat. The supply chain threat is acutely focused on the most connected organisations, with large enterprises[2] reporting the highest rate of experienced attacks (36%) compared to counterparts from low and mid-size  enterprise.

It’s noteworthy that it is the same group of high enterprises that reports having the highest mean number of software and hardware suppliers, managing on average around 100 suppliers, which evidentially creates a vast potential attack surface. On top of that, organisations admit to granting access to their organisations’ systems to dozens of contractors: while low enterprises average about 50 contractors, for high enterprises the figure skyrockets to more than 130, facilitating another cyber risk deriving from the digital space interdependence — trusted relationship attacks, during which attackers might exploit legitimate connections between organisations.

Over the past year, trusted relationship attacks affected a quarter (25%) of companies globally. Most frequently attacks abusing existing connections between organisations were suffered by organisations in Turkey (35%), Singapore (33%) and Mexico (31%).

“We’re operating in a digital ecosystem where every connection, every supplier, every integration becomes part of our security profile”, comments Sergey Soldatov, Head of Security Operations Center at Kaspersky. “As organisations grow more interconnected, their exposure to attacks grows with them. Against this landscape, protecting the modern enterprise now demands an ecosystem‑wide approach that strengthens not just individual systems, but the entire network of relationships that keeps business operating.”

Only by implementing preventive measures across the organisation and approaching partnerships with suppliers and contractors strategically can companies reduce supply chain risks and ensure the resilience of their business.

For mitigating such risks Kaspersky recommends the following:

  • Thoroughly evaluate suppliers before entering a deal. Check their cybersecurity policies, information about past incidents and compliance with industry security standards. For software and cloud services, it’s also recommended to review vulnerability data and penetration tests.
  • Implement contractual security requirements. Complete regular security audits, and ensure compliance with your organisation’s relevant security policies and incident notification protocols.
  • Adopt preventive technological measures. Implement security practices such as the principle of least privilegezero trust and mature identity management to reduce damage if supplier is compromised.
  • Ensure continuous monitoring. Use solutions like Kaspersky Next XDR or MXDR for real-time infrastructure monitoring and detecting anomalies in software and network traffic, depending on the availability of in-house staff members capable of carrying out such a monitoring.
  • Develop an incident response plan. Make sure it covers supply chain attacks and includes steps to quickly identify and contain breaches — for example by disconnecting the supplier from company systems.
  • Collaborate with suppliers on security issues. Strengthen protection on both sides and make it a shared priority.

More recommendations along with other findings on business exposure to supply chain attacks are available via the link.

AI Impact
AI Impact
spot_img
spot_img

━ More like this

Cyber Security

Kaspersky identified a new SilverFox campaign targeting companies in South Africa

The APT campaign involved disguising malicious files as documents related to tax violations. Upon infection, attackers could gain remote access to affected devices and...
Cyber Security

The energy sector’s ‘digital big bang’: 75% to digitise in two years, but at what cost?

A recent joint study by Kaspersky and VDC revealed that over half of energy organisations have already faced cyber incidents exceeding $1 million in...
Cyber Security

Gaps in cybersecurity policies and employee commitment leave organisations vulnerable, Kaspersky survey shows

A recent Kaspersky survey in the Middle East, Turkiye and Africa (META) region entitled “Cybersecurity in the workplace: Employee knowledge and behaviour”, showed that 23%...
Cyber Security

69% of businesses ready to share their contractors’ security costs to boost cyber resilience

A new global Kaspersky study has revealed that more than two-thirds of companies are willing to invest in the security of their contractors and...
Cyber Security

Why your password may not be good enough no matter how long and complex it is

The first Thursday of May each year marks ‘World Password Day’, a global event dedicated to raising awareness about the importance of securing passwords...
spot_img
Previous article
Comment to Anthropic’s announcement of Claude Code Security
Next article
Kaspersky enhances its security awareness platform with SCORM and PDF support