Articles about supply chain attacks

Resiliency through visibility: Why supply chain disruption needs to be tackled by a holistic approach

A host of 'black swan' events have hit companies’ supply chains over the past two years, straining existing processes and structures. Beyond the obvious impact of COVID-19, there have been the Suez Canal blockage, chip shortages, and Brexit -- and now organizations are trying to mitigate disruptions from the war in Ukraine and rising inflation.

The end result: a stronger need than ever before to enhance levels of communication, collaboration and joint decision making across the supply chain, to reduce risk in the face of challenges still to come.

Supply chains cybersecurity risks: Closing the protection gap

Supply chain attacks have been on the threat radar of many organizations and their security teams for several years. However, since the infamous SolarWinds attack in 2020 -- which led to widespread and damaging compromises of data, networks and systems -- the supply chain attack vector has taken on a new level of focus. Indeed, supply chain attacks have become an effective way for hackers to gain access to IT networks at scale and, as such, are among the most worrying cybersecurity risks facing organizations today.

Supply chain risks come in many forms -- from complex to relatively simplistic. The UK government’s Cyber Security Breaches Survey, which explores organizations’ policies, processes, and approaches to cybersecurity and is used to inform government cybersecurity policy, looked at this in its latest report. The 2022 survey reveals that just 13 percent of businesses review the risks posed by their immediate suppliers, with that number dropping to 7 percent for their wider supply chain. Possibly even more concerning, many organizations commonly perceive 'big tech' companies to be "invulnerable to cyber attacks".

80 percent of enterprises use open source software and nearly all worry about security

A new study reveals that while 80 percent of enterprises are using open source software (OSS) -- set to rise to 99 percent in the next year -- a mere one percent say they aren't worried about security.

The report from Synopsys, based on research by Enterprise Strategy Group (ESG), shows that in response to high profile supply chain attacks 73 percent of respondents say they have increased their efforts significantly to secure their organizations' software supply chain.

IBM makes open source toolkit available to fight software supply chain attacks

The power of software supply chain attacks was amply demonstrated by SolarWinds, but two years on some organizations are still vulnerable thanks to the use of source code management (SCM) systems.

In most cases, IBM's X-Force Red ethical hacking team has been able to gain access to SCM systems during an adversary simulation engagement.

Average cost of a data breach increases by 16 percent

A new report released today by ForgeRock shows the average cost of a breach in the US has increased by 16 percent to $9.5m, making the US the costliest place in the world to recover from a breach.

It also reveals a massive 297 percent surge in breaches caused primarily by security issues associated with supply chain and third-party suppliers, which represent almost 25 percent of all breaches.

82 percent of CIOs believe their software supply chains are vulnerable

A new global study of 1,000 CIOs finds that 82 percent say their organizations are vulnerable to cyberattacks targeting software supply chains.

The research from machine identity specialist Venafi suggests the shift to cloud native development, along with the increased speed brought about by the adoption of DevOps processes, has made the challenges connected with securing software supply chains infinitely more complex.

How secure is your supply chain?

Supply chains are fast becoming one of the top targets for cyber criminals, so when it comes to supply chain risk management, organizations in every industry need to start paying more attention.

While the vast majority of business leaders recognize that cybersecurity is now a key priority, the UK’s Department for Digital, Culture, Media and Sport (DCMS) recently noted that in too many instances, actions aren’t keeping up with intentions. In fact, nearly a third of UK companies admitted they aren’t currently taking any preventative action at all.  

The challenge of guarding against supply chain attacks [Q&A]

In recent years we've seen a trend towards attacks targeting the software supply chain rather than businesses directly.

Attacks can include poisoning the software components, stealing secrets to compromise an account, or modifying code repositories to allow for exploits.

Organizations not equipped to handle increasing third-party risks

A new study into third-party risk management shows that 45 percent of organizations experienced a third-party security incident in the last year.

But the report from Prevalent also reveals that eight percent of companies don't have a third-party incident response program in place, while 23 percent take a passive approach to third-party incident response.

Supply chain vulnerabilities hit medical and IoT devices

Researchers at Forescout's Vedere Labs have discovered a set of vulnerabilities affecting the PTC Axeda agent, which is commonly used in medical and IoT devices.

The Axeda agent enables device manufacturers to remotely access and manage connected devices, making these vulnerabilities reminiscent of the Kaseya hack and the SolarWinds Orion compromise.

The impact of supply chain data breaches [Q&A]

Digital supply chain breaches are becoming more common. As supply chains increase in complexity, the attack surface grows, and even smaller businesses can have complex webs of connections.

But how do supply chain breaches impact businesses? And what can they do to cut the risk? We spoke to Jeremy Hendy, CEO of digital risk protection specialist Skurio, to find out.

The top attack trends businesses need to address this year

2021 saw supply chain and ransomware attacks dominate the security landscape. But will this pattern continue this year?

Managed detection and response provider Expel has launched a new report which provides insights on the biggest cybersecurity threats, practical recommendations on how to handle them, and predictions on what to expect in the year ahead.

Supply chain attacks more than triple in 2021

Software supply chain attacks grew by more than 300 percent in 2021 compared to 2020 as attackers focused on open source vulnerabilities and poisoning, code integrity issues, and exploiting the software supply chain process and supplier trust to distribute malware or backdoors.

According to the 2021 Software Supply Chain Security Review from Aqua Security's Argon Security arm, security across software development environments remains low and, significantly, every company evaluated had vulnerabilities and misconfigurations that could expose them to supply chain attacks.

Insider threats, supply chain attacks and quantum threats -- enterprise security predictions for 2022

The transition to remote and hybrid working has led enterprises to radically revise the way they operate. This has thrown up a variety of new challenges in ensuring systems remain secure.

Industry experts give us their views on what security issues businesses will face as we head into 2022.

How businesses can improve their third-party security [Q&A]

In recent years many of the most high-profile cyberattacks have come through the supply chain, involving third-party suppliers and partners.

It's historically been difficult for businesses to assess third-party risks, with assessments often involving time-consuming manual processes.

BetaNews, your source for breaking tech news, reviews, and in-depth reporting since 1998.

© 1998-2025 BetaNews, Inc. All Rights Reserved.