Software supply chain attacks set to become a major threat
According to a new study, 80 percent of IT decision makers and IT security professionals believe software supply chain attacks have the potential to become one of the biggest cyber threats over the next three years.
At the same time, 71 percent believe their organization does not always hold external suppliers to the same security standards. Only 37 percent of respondents in the US, UK and Singapore say their organization has vetted all suppliers, new or existing in the past 12 months and only a quarter believe with certainty their organization will increase its supply chain resilience in the future.
Although 87 percent of those that suffered a software supply chain attack had either a full strategy in place, or some level of response pre-planned at the time of their attack, 90 percent of respondents confirmed they incurred a financial cost as a result of experiencing a software supply chain attack. The average cost of an attack being over $1.1 million dollars.
Response times are a problem too. On average, respondents from nearly all of the countries surveyed take close to 63 hours to detect and remediate a software supply chain attack.
In the wake of recent attacks and with GDPR now in force, organizations are becoming more concerned about vetting their suppliers and partners. In fact, 58 percent of senior IT decision-makers whose organization has vetted software suppliers in the past 12 months say that they will be more rigorous when evaluating their partners, and nearly 90 percent agree security is a critical factor when making purchasing decisions surrounding new suppliers.
"Fast-moving, advanced threats like supply chain attacks require organizations to adopt new best practices in proactive security and incident response. Our Services team has been called in to support many companies that have suffered business-critical consequences as a result of these prevalent threats," says Shawn Henry, president of CrowdStrike Services and chief security officer. "The new attack methods we see today call for coordinated, efficient and agile defenses. CrowdStrike is supporting customers with a compelling combination of endpoint protection technology, expert services, and intelligence to uncover critical investigation information faster, accelerate incident response, and enable companies to get back to business as quickly as possible."
You can read more about the findings on the CrowdStrike blog.