A recent study revealed that a staggering 74% of software supply chains have experienced cyber attacks in the past year, indicating a significant increase in both the frequency and financial impact of these incidents. The survey, which gathered insights from 200 IT decision-makers and cybersecurity leaders in the UK, coincides with the government’s efforts to enhance software resilience and security as part of the National Cyber Strategy, which involves a £2.6 billion investment. The findings uncovered various vulnerabilities within software supply chains that require urgent attention. A concerning discovery was the prevalence of hidden participants within these chains: over two-thirds of businesses reported having recently identified previously unknown entities in their supply chain.
This lack of oversight is often attributed to deficiencies in regulatory and compliance processes, with less than 20% of UK companies requesting ongoing security compliance evidence from suppliers post-onboarding. In addition to oversight issues, organizations also face challenges related to technical understanding and visibility in their software supply chain inventories. Limited technical expertise and inadequate visibility hinder the consistent enforcement of robust security measures, with over half of respondents citing insufficient technical know-how as a barrier to frequent monitoring. The study also outlined the types of security measures currently employed by UK organizations, including data encryption, staff training programs, and multi-factor authentication.
However, these efforts are hampered by the lack of ongoing compliance checks, with fewer than one-fifth of companies requesting continuous evidence of adherence to security standards from their suppliers. Despite the high level of confidence expressed by respondents in their suppliers’ ability to identify and prevent vulnerabilities, the reality is that few companies consistently verify compliance, leaving openings for cybercriminals to exploit. The study emphasized the critical need for improved security measures and practices across software supply chains, particularly in light of the significant financial loss, data loss, reputational damage, and operational impact reported by affected organizations. As a solution, the study suggests the adoption of advanced technologies, such as AI-powered Managed Detection and Response (MDR) tools, which offer continuous threat monitoring and can help IT teams manage complex security incidents more effectively.
As organizations navigate the evolving landscape of cybersecurity threats, implementing these advanced technologies may be crucial in safeguarding against future attacks.