Half of Firms Report Supply Chain Ransomware Compromise


Over half (52%) of global organizations know a partner that has been compromised by ransomware, yet few are doing anything to improve the security of their supply chain, according to Trend Micro.

The security vendor polled nearly 3000 IT decision makers across 26 countries to produce its latest report, Everything is connected: Uncovering the ransomware threat from global supply chains.

It revealed that 90% of global IT leaders believe their partners and customers are making their own organization a more attractive ransomware target.

That might be down in part to the fact that SMBs comprise a significant chunk of the supply chain for 52% of respondents. The security of SMBs is generally thought to be less effective than protection in larger, better resourced companies.

However, despite their concerns, less than half (47%) of respondents said they share knowledge about ransomware attacks with their suppliers, while a quarter (25%) claimed they don’t share potentially useful threat information with partners.

This could be because they don’t have useful intelligence to share in the first place. Trend Micro found average detection rates for ransomware payloads at 63%. However, the figure fell considerably for threat activity such as:

  • Use of legitimate tooling like Cobalt Strike in attacks (53%)
  • Data exfiltration (49%)
  • Initial access (42%)
  • Lateral movement (31%)

“Many organizations aren’t taking steps to improve partner cybersecurity,” said Trend Micro technical director, Bharat Mistry. “The first step towards mitigating these risks must be enhanced visibility into and control over the expanding digital attack surface.”

The findings chime with an earlier Trend Micro study that revealed 43% of global organizations feel their digital attack surface is “spiralling out of control.”

Alongside best practice cyber-hygiene steps such as multi-factor authentication, regular patching, user education and least-privilege access, the vendor advocates the use of a single platform for attack surface management, and prevention, detection and response capabilities.


