- I tested Samsung's 98-inch 4K QLED TV, and watching Hollywood movies on it left me in awe
- Apple is working on a doorbell that unlocks your door Face ID-style
- 5 biggest Linux and open-source stories of 2024: From AI arguments to security close calls
- Securing the OT Stage: NIS2, CRA, and IEC62443 Take Center Spotlight
- Trump taps Sriram Krishnan for AI advisor role amid strategic shift in tech policy
Half of Firms Report Supply Chain Ransomware Compromise
Over half (52%) of global organizations know a partner that has been compromised by ransomware, yet few are doing anything to improve the security of their supply chain, according to Trend Micro.
The security vendor polled nearly 3000 IT decision makers across 26 countries to produce its latest report, Everything is connected: Uncovering the ransomware threat from global supply chains.
It revealed that that 90% of global IT leaders believe their partners and customers are making their own organization a more attractive ransomware target.
That might be down in part to the fact that SMBs comprise a significant chunk of the supply chain for 52% of respondents. The security of SMBs is generally thought to be less effective than protection in larger, better resourced companies.
However, despite their concerns, less than half (47%) of respondents said they share knowledge about ransomware attacks with their suppliers, while a quarter (25%) claimed they don’t share potentially useful threat information with partners.
This could be because they don’t have useful intelligence to share in the first place. Trend Micro found average detection rates for ransomware payloads at 63%. However, the figure fell considerably for threat activity such as:
- Use of legitimate tooling like Cobalt Strike in attacks (53%)
- Data exfiltration (49%)
- Initial access (42%)
- Lateral movement (31%)
“Many organizations aren’t taking steps to improve partner cybersecurity,” said Trend Micro technical director, Bharat Mistry. “The first step towards mitigating these risks must be enhanced visibility into and control over the expanding digital attack surface.”
The findings chime with an earlier Trend Micro study that revealed 43% of global organizations feel their digital attack surface is “spiralling out of control.”
Alongside best practice cyber-hygiene steps such as multi-factor authentication, regular patching, user education and least-privilege access, the vendor advocates the use of a single platform for attack surface management, and prevention, detection and response capabilities.