• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer

My TechDecisions

  • COVID-19 Update
  • Best of Tech Decisions
  • Topics
    • Video
    • Audio
    • Mobility
    • Unified Communications
    • IT Infrastructure
    • Network Security
    • Physical Security
    • Facility
    • Compliance
  • RFP Resources
  • Resources
  • Podcasts
  • Subscribe
  • Project of the Week
  • Latest News
  • About Us
    SEARCH
Compliance, IT Infrastructure, Managed Service, News

Supply Chain Attacks Jump 51% In Second Half of 2021

Malicious actors are increasingly attacking the software supply chain, leading to renewed calls for supplier transparency.

April 12, 2022 Zachary Comeau Leave a Comment

Log4j, Most Exploited Vulnerabilities
stock.adobe.com/Andreas Prott

Recent IT supply chain attacks such as the SolarWinds compromise, ransomware campaign that leveraged the Kaseya VSA platform or mass exploitation of the Log4j vulnerabilities have renewed focus on such attacks, which NCC Group says increased by 51% in the last half of 2021.

The consulting and managed services firm’s global survey of 1,400 cybersecurity decision makers found that organizations are taking this into consideration, noting supplier risk as a top challenge for the next six-to-12 months, with plans to increase security budgets by an average of 10% this year.

NCC Group’s research suggests that just over a third of organizations think they are more responsible for preventing, detecting and resolving supply chain attacks than their suppliers. Meanwhile, 53% said both parties are equally responsible for securing software supply chains.

Despite plenty of responsibility to go around, only half of organizations surveyed said it demand suppliers meet certain security standards as part of its contracts. Further, more than a third of organization surveyed said it does not regularly monitor and risk assess the cybersecurity arrangements with its suppliers.

Recent supply chain security issues have renewed calls for software supply chain security, including software bills of materials (SBOM) that spell out each component being used in a piece of software, including where vulnerabilities may exist.

The U.S. government last year defined the minimum elements of an SBOM, calling the document a formal record containing the details and supply chain relationships of various components used in software.

“SBOM will not solve all software security problems, but will form a foundational data layer on which further security tools, practices, and assurances can be built,” the U.S. Department of Commerce said in its report.

Many organizations work closely with its software suppliers by integrating it into its IT infrastructures to increase efficiencies and strengthen operations, but this can actually increase risk by widening potential attack surfaces, said Arina Palchik, global commercial director of remediation at NCC Group, in a statement.

That can lead to security gaps and serve as entry points for cyberattacks such, and judging from NCC Group’s repot, that is playing out.

“It’s encouraging that organizations recognize supplier risk as one of their top challenges for 2022. However, our findings uncovered specific areas for improvement including clarity around responsibility for preventing, detecting and resolving attacks and lax controls for supplier assurance,” Palchik said. “It’s important that any investment in security addresses these areas to reduce third-party risk and enable organisations to work with their suppliers in confidence.”

Tagged With: Cybersecurity, SBOM, Supply Chain

Related Content:

  • Google G Suite, Workspace Most Users Google’s G Suite Legacy Free Edition…
  • Microsoft Cloud for Sustainability Microsoft Cloud for Sustainability Helps Organizations Manage Their…
  • cybersecurity, business. MAPP, Syxsense Syxsense Joins Microsoft Active Protections Program (MAPP)
  • Weston School District Digital Signage Weston School District Implements Digital Signage Strategy with…

Free downloadable guide you may like:

  • The State of the IT Department in 2022

    The role of the IT professional has shifted from one that supports the business to one that is deserving of a seat at the table when it comes to making business decisions. Check out our new report to see what your peers in IT think about top concerns and opportunities in 2022.

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Get the FREE Tech Decisions eNewsletter

Sign up Today!

Latest Downloads

The State of the IT Department in 2022

The role of the IT professional has shifted from one that supports the business to one that is deserving of a seat at the table when it comes to ma...

Hybrid Work Challenges
The Three Most Common Hybrid Work Challenges Two Years Into the Pandemic

Many of us have been working in a hybrid environment for two years now. Our editors thought this would be a good time to take a look at what’s work...

These 10 IT Certifications Are Critical To An IT Pro’s Success in 2022

Here are 10 cloud, data and security certifications that we identify as critical to an IT professional’s resume in 2022 and beyond, according to a ...

View All Downloads

Would you like your latest project featured on TechDecisions as Project of the Week?

Apply Today!
Sharp Microsoft Collaboration HQ Logo

Learn More About the
Windows Collaboration Display

More from Our Sister Publications

Get the latest news about AV integrators and Security installers from our sister publications:

Commercial IntegratorSecurity Sales

AV-iQ

Footer

TechDecisions

  • Home
  • Welcome to TechDecisions
  • Subscribe to the Newsletter
  • Contact Us
  • Media Solutions & Advertising
  • Comment Guidelines
  • RSS Feeds
  • Terms of Use
  • Privacy Policy
  • Twitter
  • Facebook
  • Linkedin

Free Technology Guides

FREE Downloadable resources from TechDecisions provide timely insight into the issues that IT, A/V, and Security end-users, managers, and decision makers are facing in commercial, corporate, education, institutional, and other vertical markets

View all Guides
TD Project of the Week

Get your latest project featured on TechDecisions Project of the Week. Submit your work once and it will be eligible for all upcoming weeks.

Enter Today!

© 2022 Emerald X, LLC. All rights reserved.