Supply Chain Cyber Attacks Expected To Quadruple

BACKGROUND:

The European Union Agency for Cybersecurity (ENISA) has found that 66% of supply chain attacks focus on the supplier’s code. Supply chain attacks have concerned cybersecurity experts for many years because the chain reaction triggered by a single attack on one supplier can compromise an entire network of providers. Malware is the attack technique used in 62% of attacks, according to the new ENISA report Threat Landscape for Supply Chain Attacks, which analyzed 24 recent attacks. ENISA says that strong security protection within an organization is no longer enough when attackers have already shifted their attention to its suppliers. This is evidenced by the increasing impact of these attacks, such as system downtime, monetary loss, and reputational damage.

1 Expert Comment
Tim Mackey , Principal Security Strategist, Synopsys CyRC (Cybersecurity Research Center)
InfoSec Expert
August 3, 2021 12:30 pm

Traditionally, cybersecurity incidents have involved direct attacks between malicious actors and their victims. The Threat Landscape for Supply Chain Attacks report highlights an important shift in cybercriminals’ tactics – indirectly targeting victims through the software of their trusted third-party suppliers and service providers. With businesses becoming increasingly reliant on complex software supply chains, this is an important trend to follow, and one that should be factored into any cyber-risk management plans. The importance of this is underscored in the report, which found that 2/3 of the software suppliers were unaware that they’d been compromised. Considering the importance of application security practices in most software companies, this lack of awareness points to a gap in the process. A gap where threat models likely need revising to account for how software supply chains work and one where an objective review of security initiatives such as the taxonomy maintained by the BSIMM community.

Information Security Buzz