Supply chain attacks have emerged as the most common cyberthreat facing businesses over the past year, a new Kaspersky global study shows.
The findings reveal that nearly every third company globally and 22% of companies in Egypt had to confront a supply chain threat over the past year.
According to recent data from the World Economic Forum, nearly two thirds (65%) of large enterprises indicate third-party and supply chain vulnerabilities as their greatest barriers to cyber resilience in today’s interconnected digital landscape.
Kaspersky-commissioned global study examined how these risks are evolving and the extent to which businesses around the world are being exposed.
The Kaspersky’s survey showed that 31% of enterprise businesses globally and 22% in Egypt had been impacted by a supply chain attack in the course of the past 12 months, which is more than any other type of cyberthreat.
High Enterprises Face Largest Exposure
The supply chain threat is acutely focused on the most connected organizations, with large enterprises reporting the highest rate of experienced attacks (36%) compared to counterparts from low and mid-size enterprise.
It’s noteworthy that it is the same group of high enterprises that reports having the highest mean number of software and hardware suppliers, managing on average around 100 suppliers, which evidentially creates a vast potential attack surface.
On top of that, organizations admit to granting access to their organizations’ systems to dozens of contractors: while low enterprises average about 50 contractors, for high enterprises the figure skyrockets to more than 130.
facilitating another cyber risk deriving from the digital space interdependence trusted relationship attacks, during which attackers might exploit legitimate connections between organizations.
Global Trends in Trusted Relationship Attacks
Over the past year, trusted relationship attacks affected a quarter (25%) of companies globally, Most frequently attacks abusing existing connections between organizations were suffered by organizations in Turkey (35%), Singapore (33%) and Mexico (31%).
In Egypt the trusted relationship attacks experienced were 23% of organizations and in the Middle East it was experienced by 22% of organizations.
“We’re operating in a digital ecosystem where every connection, every supplier, every integration becomes part of our security profile”, comments Sergey Soldatov, Head of Security Operations Center at Kaspersky.
“As organizations grow more interconnected, their exposure to attacks grows with them, Against this landscape, protecting the modern enterprise now demands an ecosystem wide approach that strengthens not just individual systems, but the entire network of relationships that keeps business operating.”
Strategic Measures to Reduce Risk
Only by implementing preventive measures across the organization and approaching partnerships with suppliers and contractors strategically can companies reduce supply chain risks and ensure the resilience of their business.
For mitigating such risks Kaspersky recommends the following:
Thoroughly evaluate suppliers before entering a deal, Check their cybersecurity policies, information about past incidents and compliance with industry security standards, For software and cloud services, it’s also recommended to review vulnerability data and penetration tests.
Implement contractual security requirements, Complete regular security audits, and ensure compliance with your organization’s relevant security policies and incident notification protocols.
Adopt preventive technological measures, Implement security practices such as the principle of least privilege, zero trust and mature identity management to reduce damage if supplier is compromised.
Ensure continuous monitoring, Use solutions like Kaspersky Next XDR or MXDR for real-time infrastructure monitoring and detecting anomalies in software and network traffic, depending on the availability of in-house staff members capable of carrying out such a monitoring.
Develop an incident response plan, Make sure it covers supply chain attacks and includes steps to quickly identify and contain breaches for example by disconnecting the supplier from company systems.
Collaborate with suppliers on security issues, Strengthen protection on both sides and make it a shared priority.
About the Study and Kaspersky
Kaspersky internal market research center commissioned a survey, questioning 1,714 technical experts, ranking from C-level employees and vice-presidents to team leads and senior specialists from enterprises with more than 500 employees.
The study covered 16 countries, including Germany, Spain, Italy, Brazil, Mexico, Colombia, Singapore, Vietnam, China, India, Indonesia, Saudi Arabia, Turkey, Egypt, the United Arab Emirates and Russia.
Low enterprise: 500-1,499 employees. Mid-size enterprise: 1,500-2,499 employees. High enterprise: 2,500 or more employees.
Kaspersky is a global cybersecurity and digital privacy company founded in 1997, With over a billion devices protected to date from emerging cyberthreats and targeted attacks.
Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative solutions and services to protect individuals, businesses, critical infrastructure, and governments around the globe.
The company’s comprehensive security portfolio includes leading digital life protection for personal devices, specialized security products and services for companies, as well as Cyber Immune solutions to fight sophisticated and evolving digital threats.
We help millions of individuals and nearly 200,000 corporate clients protect what matters most to them. Learn more at www.kaspersky.com.
Read Also
Kaspersky shares steps on how to support your child’s dream cybersafely
Kaspersky enhances Network Detection and Response capabilities with KATA 8.0 release
Kaspersky identifies RenEngine loader distributed through pirated games and software
