63 percent of organizations fall victim to supply chain attacks

A new study from Checkmarx reveals that 63 percent of organizations surveyed have been victims of a supply chain attack in the last two years, while 18 percent have suffered an attack in the last year.

Even more worrying is that that 100 percent of the large enterprises represented by 900 AppSec professionals responding from the United States, Europe and Asia-Pacific have been the victims of a software supply chain attack at some point.

Among other findings 56 percent of respondents' organizational applications comprise open source code packages. 75 percent are either very concerned (39 percent) or concerned (36 percent) about software supply chain security.

Progress towards supply chain security is slow, however, 57 percent say that software supply chain security is a top or significant area of focus. 54 percent are planning to use or are investigating the use of a solution while 50 percent are actively requesting software bills of materials (SBOMs) from their vendors. Fewer than half of those seeking vendor SBOMs knew how to leverage them effectively if needed, however.

"Software supply chain security has become an active target of government regulatory and cybersecurity agencies and is top of mind for over half of global enterprises we surveyed," says Amit Daniel, chief marketing officer at Checkmarx. "It's critical for CISOs and security leaders to make it easier for developers to understand the new risks and secure their entire software supply chain. 'Malicious' is much more than vulnerable. We have seen more attacks on the open source ecosystem in the last two years than ever before with over 385,000 malicious packages detected to date by our own Checkmarx security research team. That's why Checkmarx offers capabilities in Checkmarx One to allow developers to seamlessly add protection against such attacks."

You can get the full report from the Checkmarx site.

Image credit: Chan2545/depositphotos.com