- Supply chain attacks are becoming more frequent and more dangerous
- Many security teams are concerned about the risk
- 70% of companies have suffered one or more attacks in the past year
A new study from SecurityScorecard reveals that cyber security leaders are facing serious supply chain and third-party risks. The study outlines that CISOs and security professionals around the globe are struggling to keep up with the pace of expanding threats.
The software supply chain has become a worryingly weak link for companies of all sizes, as smaller software providers are difficult to assess and often do not have the cybersecurity capabilities that large organizations can afford, and cyber criminals choose smaller software companies as a point of intrusion to access larger companies.
A staggering 88% of respondents were either ‘very concerned’ or ‘somewhat concerned’ about the supply chain cyber security risks, and for good reason, since 70% say they have experienced one or more ‘material third-party cybersecurity events’, with 5% suffering 10 or more in the last year.
Sustained threats
Recent research suggests that third-party involvement in threats has doubled from 15% to 30% in recent months, and a growing dependence on digital technologies also means a growing dependence on third-party software for all industries.
As such, organizations are tasked with tightening cyber security practices to keep themselves safe. But not everyone is sure of their ability to do so, with only 26% of organizations incorporating supply chain security into their cyber security programs; most are dependent on ‘point-in-time, supplier-delivered assessments or cyber insurance.’
Cyber security can be overwhelming even for companies with powerful capabilities, and almost 40% of respondents reported that data overload and difficulty prioritizing threats are their biggest challenges.
“Supply chain cyber attacks are no longer isolated incidents; they are a daily reality,” said Ryan Sherstobitoff, Field Chief Threat Intelligence Officer at SecurityScorecard.
“Nevertheless, breaches persist because third-party risk management remains largely passive, focused on assessments and compliance checklists rather than action. This outdated approach fails to operationalize the insights it contains. What is needed is a shift to active defense: supply chain incident response capabilities that close the gap between third-party risk teams and security operations centers, turning continuous monitoring and threat intelligence into real-time action. Static checks will not stop dynamic threats – only integrated detection and response will.”



