A recent study found two-thirds of organizations are hit by supply chain attacks despite having defense strategies in place.
Of the 1,300 senior IT decision makers and IT security professionals surveyed by CrowdStrike researchers, 87 percent had suffered an attack even with either a full strategy or some level of preplanned response in place, according to the company’s Securing the Supply Chain report.
Employee confidence in their organizations appeared to be down, with 71 percent of respondents believing their organizations don’t always hold external suppliers to the same internal security standards.
The study also found 80 percent of U.S. respondents said supply chain attacks have the potential to become one of the biggest threats of the next three years.
“It’s clear that supply chain attacks are becoming a business-critical issue, impacting topline relationships with partners and suppliers but organizations largely lack the knowledge, tools, and technology to be protected,” Shawn Henry, president of CrowdStrike Services and chief security officer, said in a release.
“Knowledge gaps and the lack of established standards to prevent complex supply chain attacks are putting organizations at risk from a financial, reputational, and operational perspective,” he said, emphasizing the importance of effective prevention, detection and response technologies to mitigate growing risks.
The study also found only 37 percent of respondents in the U.S. said their organizations had vetted all suppliers, new or existing, in the past 12 months and, as a result, only one-quarter believe with certainty their organizations will increase their supply chain resilience in the future.
As with most cyber incidents, these supply chain attacks are costly, with 90 percent of respondents confirming they incurred a financial cost as a result of experiencing a software supply chain attack. The average cost of an attack was $1.1 million.
Despite the obstacles, the survey results show new solutions may help curb attacks, with 44 percent of the respondents planning to use artificial intelligence and/or machine learning to fight software supply chain attacks in the next 12 months.