While enterprise leaders scramble to fend off ever-evolving cyber threats, a new report from CrowdStrike shows why business leaders need to be more protective of their supply chain.
According to the report, 90% of respondents admitted to incurring a financial cost after experiencing a software supply chain attack. The average cost of an attack like this is just over $1.1 million.
Furthermore, 80% of respondents believe software supply chain attacks have the potential to become one of the biggest cyber threats over the next three years.
Global reaction
The findings show that companies admit to being unprepared in their defence against supply chain attacks, citing a lack of visibility, tools, and technologies as a root cause for this admission.
While 90% agree that security is a critical factor when making purchasing decisions surrounding new suppliers, only 37% of respondents in the US, UK and Singapore said that their organisation would be willing to vet all of them.
On top of this, only a quarter of respondents believe with certainty that their organisation will increase its supply chain resilience in the future.
Key hurdles
The report found that the key hurdles holding organisations back from developing a robust protection strategy include a lack of comprehensive security vetting practices for suppliers and third parties, as well as slow detection and response to threats.
Respondents, on average, take close to 63 hours to detect and react to a software supply chain attack.
Comment
CrowdStrike’s vice president of product marketing, Dan Larson, argued that organisations should invest in prevention, detection and response technologies.
In a release, Larson said: “It’s clear that supply chain attacks are becoming a business-critical issue, impacting topline relationships with partners and suppliers but organisations largely lack the knowledge, tools, and technology to be protected.”
“Knowledge gaps and the lack of established standards to prevent complex supply chain attacks are putting organisations at risk from a financial, reputational, and operational perspective.”