IT Intelligence Bulletin (HG Insights) — CrowdStrike has announced the results of its global supply chain survey entitled Securing the Supply Chain.
The study surveyed 1,300 senior IT decision-makers and IT security professionals in the US, Canada, UK, Mexico, Australia, Germany, Japan, and Singapore across major industry sectors.
The survey concludes that although nearly 80 percent of respondents believe software supply chain attacks have the potential to become one of the biggest cyber threats over the next three years, few organisations are prepared to mitigate the risks. More specifically:
- Two-thirds of the surveyed organizations experienced a software supply chain attack in the past 12 months. At the same time, 71 percent believe their organization does not always hold external suppliers to the same security standards.
- The vast majority (87 percent) of those that suffered a software supply chain attack had either a full strategy in place, or some level of response pre-planned at the time of their attack.
- Only 37 percent of respondents in the US, UK and Singapore said their organization has vetted all suppliers, new or existing, in the past 12 months, and only a quarter believe with certainty their organization will increase its supply chain resilience in the future.
- 90 percent of respondents confirmed they incurred a financial cost as a result of experiencing a software supply chain attack. The average cost of an attack was over $1.1 million.
While supply chain threats can occur in every sector of the economy, the industries that most often experience these attacks are biotechnology and pharmaceuticals, hospitality, entertainment and media, and IT services. Now that GDPR is in effect, organizations are more concerned about vetting their suppliers and partners. In fact, 58 percent of senior IT decision-makers whose organization has vetted software suppliers in the past 12 months stated that they will be more rigorous when evaluating their partners, and nearly 90 percent agree security is a critical factor when making purchasing decisions surrounding new suppliers.
Although almost 90 percent of the respondents believe they are at risk of a supply chain attack, companies are still slow to detect, remediate and respond to threats. On average, respondents from nearly all of the countries surveyed take close to 63 hours to detect and remediate a software supply chain attack, while the leading organisations aim to eject an adversary in less than two hours, a window also known as “breakout time,” according to prior CrowdStrike research. However, the study indicates that organisations are looking to adopt leading approaches to breach protection such as behavioural analytics, endpoint detection and response, and threat intelligence, with three quarters of respondents using or evaluating these technologies.
“Fast-moving, advanced threats like supply chain attacks require organisations to adopt new best practices in proactive security and incident response. Our Services team has been called in to support many companies that have suffered business-critical consequences as a result of these prevalent threats,” said Shawn Henry, president of CrowdStrike Services and chief security officer. “The new attack methods we see today call for coordinated, efficient and agile defences. CrowdStrike is supporting customers with a compelling combination of endpoint protection technology, expert services, and intelligence to uncover critical investigation information faster, accelerate incident response, and enable companies to get back to business as quickly as possible.”