A study published by NCC Group shows what businesses need to be aware of when attempting to prevent cyber attacks.
The global chip shortage is not the only aspect currently affecting supply chains around the world. New research from the NCC Group illustrates that the number of cyberattacks on these supply chains increased by over half (51%) during the period from July to December of 2021. With the number of attacks increasing during this time frame, it is more important than ever for organizations to reduce the amount of risk their supply chains may be under to avoid being attacked.
The study, which surveyed 1,400 cybersecurity decision makers, found that 36% said that they are more responsible for preventing, detecting and resolving supply chain attacks than their suppliers. Just over half (53%) said that their company and its suppliers are equally responsible for the security of supply chains.
“Many organizations work closely with their suppliers by integrating them into their infrastructures to increase efficiencies and strengthen operations, but this can increase their cyber risk by widening their potential attack surfaces,” said Arina Palchik, global commercial director of remediation at NCC Group. “Security gaps in supply chains can lead to leakage of customer data and serve as entry points for ransomware attacks, and our latest research suggests that hackers are increasingly targeting organizations through their suppliers, with attacks up by 51% in the last six months of 2021.”
Why supply chain cyberattacks are on the rise
Some of the responsibility does fall on the organizations themselves however. Nearly half of organizations don’t stipulate security standards for their suppliers, and one-third don’t regularly monitor and risk assess their suppliers’ cybersecurity arrangements. Because of these gaps, only one-in-three businesses surveyed are confident they can respond quickly and effectively to a supply chain attack if the need arises. Just 34% of security decision-makers said they would classify their organization as being “‘very resilient”’, signaling a need for quicker response times and better frontline security to help avoid being attacked.
SEE: Mobile device security policy (TechRepublic Premium)
With the number of supply chain disruptions growing, many of the respondents recognize this to be an issue moving forward. Third-party and supplier risk was listed by those surveyed as a major challenge over the next six to 12 months and it’s easy to see why. The chip shortage is not expected to make matters easier either, as global supply chains for items ranging from computer chips to consumer goods could experience shortages for up to another two years.
For enterprises, this extended disorder creates numerous cybersecurity risks and issues, along with operational ones. One example comes in the form of the Log4j security vulnerability that saw supply chains experiencing difficulties when it came to keeping track of and patching flaws in cybersecurity designed to protect these chains.
Steps businesses can take to avoid attacks
On a positive note, with companies realizing that supplier risk is one of their biggest challenges, action is being taken to avoid these issues. Of the security decision-makers surveyed, a consensus was found that security budgets were expected to increase by an average of 10% during 2022 to help avoid the risk posed to supply chains around the world.
“It’s encouraging that organizations recognize supplier risk as one of their top challenges for 2022,” Palchik said. “However, our findings uncovered specific areas for improvement including clarity around responsibility for preventing, detecting and resolving attacks and lax controls for supplier assurance. It’s important that any investment in security addresses these areas to reduce third-party risk and enable organizations to work with their suppliers in confidence.”
Outside of strictly budget, the following areas were expected to be focuses for businesses in the year ahead:
- Threat detection and response
- Cybersecurity reviews and assessments
- Security awareness and training for employees
- Training and testing both infrastructures and applications
The NCC Group notes that if the requisite steps above are taken and the necessary amount in budget is delegated to these fixes, it could be crucial in detecting, preventing and responding to a malicious attack in the future. By reducing the risk inherent with supply chains, it could potentially mean saving exorbitant amounts of not only time, but revenue moving forward.