
One in five data breaches due to software supply chain compromise, IBM report warns

Supply chain attacks are on the rise, costing businesses more year on year as organizations fail to implement zero trust strategies.

This is according to IBM’s new Cost of a Data Breach report, which found that one in five breaches occurred because of a compromise at a business partner, with a supply chain breach taking on average 26 days longer to identify and contain than the global average.

The total cost of a supply chain compromise was $4.46 million – 2.5% higher than average.

The report also found that the global average cost of a data breach has hit an all-time high of $4.35 million – up nearly 13% over the last two years.

“Seventeen per cent of breaches in critical infrastructure organizations occurred due to a business partner being initially compromised – this shows us that organizations need to put more focus on the security controls that govern third party access,” John Hendley, head of strategy at IBM Security X-Force, told The Daily Swig.

Zero trust, zero problems?

Critical infrastructure organizations such as financial services, industrial, transportation, and healthcare companies are a growing target for these attacks, says IBM, and zero trust is the best way to guard against attack.

“Organizations need to be more vigilant than ever and closely scrutinize these external points of access into their environment, whether that’s through direct network access, applications, or even physical access,” says Hendley.

“Supply chain attacks are of great concern, both because of how insidious they are and how extreme their impacts can be. We saw this play out with SolarWinds, and we’ll surely see more of these attacks in the future.”


Source: https://portswigger.net/daily-swig/one-in-five-data-breaches-due-to-software-supply-chain-compromise-ibm-report-warns
