"BlackBerry Commissioned Research Reveals Four in Five Software Supply Chains Exposed to Cyberattack in the Last 12 Months"
BlackBerry announced new research at the 9th annual BlackBerry Security Summit, revealing the scope of software supply chain cybersecurity vulnerabilities in today's organizations. In the last 12 months, four in five (80 percent) IT decision-makers said their organization had received notification of an attack or vulnerability in its software supply chain, with the operating system and web browser having the most impact. In addition, respondents reported significant operational disruption (59 percent), data loss (58 percent), and reputational impact (52 percent), with nine out of ten organizations (90 percent) requiring up to a month to recover. The findings come at a time when there is increased regulatory and legislative interest in addressing software supply chain security vulnerabilities in the US. The survey of 1,500 IT decision-makers and cybersecurity leaders from North America, the UK, and Australia revealed that securing software supply chains against cyberattacks is a significant challenge, even when recommended measures such as data encryption, Identity Access Management (IAM), and Secure Privileged Access Management (PAM) frameworks are used. Despite enforcing these measures across partners, over than three-quarters (77 percent) of respondents had discovered unknown participants in their software supply chain that they were not previously aware of and had not been monitoring for compliance with critical security standards in the previous 12 months. While organizations were found to perform a quarterly inventory of their own software environment on average, factors such as a lack of skills (54 percent) and visibility (44 percent) prevented them from performing more frequent monitoring. Seventy-one percent said they would welcome tools to improve software library inventory within their supply chain and provide greater visibility to software affected by a vulnerability. Similarly, 72 percent supported increased government oversight of open-source software to improve its security against cyber threats. This article continues to discuss key findings from BlackBerry's research on software supply chain cybersecurity vulnerabilities.