

Ethical Hacking News

The Dark Side of Global Supply Chains: A Growing Threat to Cybersecurity


Global businesses are facing a growing threat from supply chain attacks, with nearly four in five organizations admitting that less than half of their nth-party supply chain is overseen by a cybersecurity program. Cybersecurity experts urge organizations to implement effective measures to mitigate this risk, but most are still flying blind when it comes to securing their supply chains.

  • 79% of organizations admit that less than half of their nth-party supply chain is overseen by a cybersecurity program.
  • 62% of security leaders state that less than half of their third and nth-party suppliers match their own organization's security requirements.
  • Only 38% of organizations have formal onboarding and offboarding processes for vendors, leaving them vulnerable to security breaches.
  • 26% of organizations carry out joint tabletop exercises with their suppliers, highlighting the lack of communication and collaboration between organizations.
  • Nearly four in five organizations (71%) have experienced at least one incident that had a material impact on their business in the past year alone.
  • Data overload is the most common obstacle to supply chain security, according to Verizon's 2024 Data Breach Investigations Report.
  • Only 56% of respondents carry out risk assessments on all supply chain members using reliable methods.
  • A staggering 63% of organizations have cyber insurance coverage for worst-case scenarios.



    Supply chain attacks have become a major concern for global businesses, with nearly four in five organizations (79 percent) admitting that less than half of their nth-party supply chain is overseen by a cybersecurity program. This staggering statistic reveals the growing threat of cyber attacks on global supply chains, which are often "invisible" to most organizations.

    The lack of visibility into the wider supply chain makes for grim reading for security leaders, with nearly two-thirds (62 percent) of them stating that less than half of their third and nth-party suppliers match their own organization's security requirements. This glaring omission highlights the failure of most organizations to implement effective supply chain cybersecurity measures.

    Moreover, the lack of formal onboarding and offboarding processes when it comes to introducing or removing vendors from their environments is a further cause for concern. Only 38 percent of organizations have such processes in place, which leaves them vulnerable to potential security breaches. Furthermore, even fewer (26 percent) carry out joint tabletop exercises with their suppliers, highlighting the lack of communication and collaboration between organizations.

    The consequences of these oversights are dire, with nearly four in five organizations (71 percent) reporting that they have experienced at least one incident that had a material impact on their business in the past year alone. That figure includes organizations reporting three or more incidents (37 percent), which highlights the severity of the threat posed by supply chain attacks.

    The most common obstacle to supply chain security is data overload, as reported by Verizon's 2024 Data Breach Investigations Report. When the responsibility for managing supply chain security falls to the security operations center (SOC) team, it becomes a pain point because the team is inundated with alerts on even the best of days.

    The solution to this problem lies in cyber resilience, which refers to an organization's ability to detect, neutralize, and recover quickly from any kind of cyber attack. While not easy to achieve, ensuring that organizations do the basics right can mitigate the adverse effects of a third-party security breach.

    One aspect of a supply chain cybersecurity strategy is carrying out risk assessments on all supply chain members. However, most organizations are failing to take this step effectively, as risk assessments are often completed using questionnaires, self-reported ones at that, which leads to biased and unverified conclusions. Moreover, only 56 percent of respondents said they have carried out such assessments, although 36 percent experience difficulties in getting useful responses.

    Another common step taken by most organizations is taking out a cyber insurance policy that specifically covers worst-case scenarios. A staggering 63 percent of all organizations have coverage for these events, which suggests that some organizations are taking proactive steps to mitigate the risk posed by supply chain attacks.

    Furthermore, training employees on cybersecurity awareness and continuous monitoring are also common practices, although most security leaders only report making use of them a minority of the time.

    The alarming trend of supply chain attacks has sparked concerns among cybersecurity experts, who preach the value of cyber resilience. However, the reality is that achieving true resilience requires a holistic supply chain cybersecurity strategy.

    In conclusion, the growing threat of supply chain attacks demands immediate attention from global businesses and their security leaders. While some organizations are taking proactive steps to mitigate this risk, most are still flying blind when it comes to securing their supply chains.

    A better understanding of the risks posed by supply chain attacks is essential for organizations to implement effective cybersecurity measures and ensure the resilience of their supply chains. As SecurityScorecard noted, "the way most organizations manage supply chain cyber risk isn't keeping pace with the expanding threats." It's high time for leaders to move beyond prevention and toward resilience.



    Related Information:
  • https://www.ethicalhackingnews.com/articles/The-Dark-Side-of-Global-Supply-Chains-A-Growing-Threat-to-Cybersecurity-ehn.shtml

  • https://go.theregister.com/feed/www.theregister.com/2025/06/25/supply_chain_attacks_hammer_organizations/


  • Published: Wed Jun 25 13:42:39 2025 by llama3.2 3B Q4_K_M












