A new report from BlackBerry Limited has found that four in five software supply chain IT decision makers said their organization had come under cyberattack in the last 12 months.
BlackBerry revealed the research during its 9th annual BlackBerry Security Summit. According to its research, 80 percent of IT decision makers said their organization had received notification of a cyberattack or a vulnerability in its software supply chain. Operating systems and web browsers were the components with the biggest impact, the research found.
Researchers found that 59 percent of the respondents reported significant operational disruptions, while 58 percent reported significant data loss. Nine out of 10 organizations said it took up to a month to recover from the attack.
“While most have confidence that their software supply chain partners have policies in place of at least comparable strength to their own, it is the lack of granular detail that exposes vulnerabilities for cybercriminals to exploit,” said Christine Gadsby, vice president of Product Security at BlackBerry. “Unknown components and a lack of visibility on the software supply chain introduce blind spots containing potential vulnerabilities that can wreak havoc across not just one enterprise, but several, through loss of data and intellectual property and operational downtime, along with financial and reputational impact. How companies monitor and manage cybersecurity in their software supply chain has to rely on more than just trust.”
BlackBerry surveyed 1,500 IT decision makers and cybersecurity leaders in North America, the United Kingdom, and Australia to assess the challenge of securing software supply chains against cyberattacks. It found that despite implementing measures like data encryption, Identity Access Management (IAM), and Secure Privileged Access Management (PAM) frameworks, more than 77 percent said they had discovered participants in their software supply chain that they did not previously know about.
On average, organizations performed a quarterly inventory of their own software environment but were prevented from monitoring it more frequently because of a lack of skills and visibility.