Articles about supply chain attacks

93 percent of businesses experience breaches caused by third-party vendors


A new study reveals that 97 percent of firms surveyed have been negatively impacted by a cybersecurity breach that occurred in their supply chain and 93 percent have suffered a direct cybersecurity breach.

The third-party cyber risk survey from BlueVoyant also shows the average number of breaches experienced in the last 12 months grew from 2.7 in 2020 to 3.7 in 2021 -- a 37 percent year-on-year increase.


High-profile attacks have sharpened organizations' focus on software security


High-profile ransomware and software supply chain disruptions are driving increased attention on software security, according to the latest Building Security In Maturity Model (BSIMM) report from Synopsys.

The BSIMM12 data indicates a 61 percent increase in software security groups' identification and management of open source over the past two years, almost certainly due to the popularity of open source components in modern software and the rise of attacks using open source projects as vectors.


Cybersecurity 'ripple events' lead to 26x greater losses

A new report by the Cyentia Institute, sponsored by risk management company RiskRecon, has analyzed over 800 cyber incidents and their impact on multiple downstream organizations.

It finds that multi-party loss events that impact thousands of downstream organizations, otherwise known as 'ripple events', can result in 26x larger financial losses than traditional single-party incidents.


Software vendors should be held to account for insecure build environments

A new survey from Venafi reveals that 94 percent of executives believe there should be clear consequences -- such as fines and greater legal liability for companies proven to be negligent -- for software vendors that fail to protect the integrity of their software build pipelines.

However, most have done little to change the way they evaluate the security of the software they purchase and the assurances they demand from software providers.


Why supply chain security blind spots put enterprises at risk [Q&A]


Many recent cyberattacks have focused on the software supply chain, with SolarWinds being perhaps the most high-profile example.

Businesses can often have a blind spot when it comes to the supply chain, and this can have catastrophic consequences. We spoke to Todd Carroll, CISO of CybelAngel, to learn more about the problem and what companies can do to keep themselves safe.


Who is responsible for guarding against software supply chain attacks? Who knows!

Software supply chain attacks like that on SolarWinds have become more of a threat in recent months. But when it comes to defending against them, businesses can't decide who is responsible, according to a new report.

The study from machine identity management company Venafi is based on the opinions of over 1,000 information security professionals, developers and executives in the IT and software development industries.


Sophisticated new attacks target container supply chains and infrastructure


New research reveals a continued rise in cyberattacks targeting container infrastructure and supply chains, and shows that it can take less than an hour to exploit vulnerable container infrastructure.

The latest threat report from cloud-native security company Aqua Security offers a detailed analysis of how bad actors are getting better at hiding their increasingly sophisticated attacks.


Third-party attacks make up a quarter of healthcare breaches

New research from Tenable's Security Response Team finds that third-party attacks accounted for over a quarter of breaches disclosed over the past year.

More worrying is that a breach of a single company linked back to 61 healthcare customers. The research reveals the impact of third-party attacks, how hard the healthcare sector has been hit by cyberattacks and just how rampant ransomware has been during Covid-19.


BetaNews, your source for breaking tech news, reviews, and in-depth reporting since 1998.
