Attacks on supply chain networks have gone up in the last few years, as it is not always easy to keep all partners in sync when it comes to securing the endpoints. According to a May 2019 report by cyber security firm McAfee, internal actors including contractors and third-party suppliers accounted for over 40% of data breaches faced by enterprises worldwide in 2018.
However, a recent global study named Impossible Puzzle of Cybersecurity, based on a survey involving 3,100 IT decision makers from mid-sized businesses, by endpoint and network security firm Sophos, claims that only 24% of Indian IT managers consider supply chain as a major security risk.
The survey also points out that 27% of Indian IT managers see IoT (Internet of Things) threats as a top security risk while 21% see internal staff as one of the weak links cybercriminals go after.
Researchers at Sophos caution that with increase in supply chain attacks, phishing emails, software exploits and insecure wireless networks, enterprises need to switch to security solutions which focus on eliminating gaps and identifying unseen threats.
Responding to the factors responsible for the attacks, the respondents acknowledge that 33% of attacks were carried out through phishing emails. In fact, email and web account for nearly two-thirds of attacks.
Among other culprits, software vulnerability accounted for 23% of attacks and external devices including USB drives for 14% attacks.
Surprisingly, 20% of IT managers didn’t have a clue on how a major attack got in.
The survey covered businesses with workforce of 100 to 5,000 in 12 countries including US, Canada, Brazil, UK, France, Germany, Australia, Japan and India. Around 300 respondents belonged to Indian companies, while 500 companies belonged to IT, technology and telecom; 429 belonged to retail, distribution and transport; 349 belonged to financial services.