DTX Manchester DTX Manchester
  • About Us
Monday, 18 January, 2021
IT Security Guru
CTX Manchester 2020 banner ad
  • Home
  • Features
  • Insight
  • Events
    • Women in Cyber 2020
    • Women in Cyber 2020 [SPONSORS]
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Women in Cyber 2020
    • Women in Cyber 2020 [SPONSORS]
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

Supply Chain Attacks on the Rise as One of the Biggest New Threat Vectors as Organisations Scramble to Close Gaps

by The Gurus
July 25, 2018
in Editor's News
Share on FacebookShare on Twitter

CrowdStrike® Inc., the leader in cloud-delivered endpoint protection, today announced the results of its global supply chain survey, Securing the Supply Chain, produced by independent research firm Vanson Bourne. The study surveyed 1,300 senior IT decision-makers and IT security professionals in the US, Canada, UK, Mexico, Australia, Germany, Japan, and Singapore across major industry sectors.

The survey concludes that although nearly 80 percent of respondents believe software supply chain attacks have the potential to become one of the biggest cyber threats over the next three years, few organisations are prepared to mitigate the risks. More specifically:

  • Two-thirds of the surveyed organisations experienced a software supply chain attack in the past 12 months. At the same time, 71 percent believe their organisation does not always hold external suppliers to the same security standards.
  • The vast majority (87 percent) of those that suffered a software supply chain attack had either a full strategy in place, or some level of response pre-planned at the time of their attack.
  • Only 37 percent of respondents in the US, UK and Singapore said their organisation has vetted all suppliers, new or existing in the past 12 months and only a quarter believe with certainty their organisation will increase its supply chain resilience in the future.
  • 90 percent of respondents confirmed they incurred a financial cost as a result of experiencing a software supply chain attack. The average cost of an attack was over $1.1 million dollars.

While supply chain threats can occur in every sector of the economy, the industries that mostly experience these attacks are biotechnology and pharmaceuticals, hospitality, entertainment and media, and IT services. Following last year’s NotPetya attack and with GDPR in effect, organisations are more concerned about vetting their suppliers and partners. In fact, 58 percent of senior IT decision-makers whose organisation has vetted software suppliers in the past 12 months stated that they will be more rigorous when evaluating their partners, and nearly 90 percent agree security is a critical factor when making purchasing decisions surrounding new suppliers.

Although almost 90 percent of the respondents believe they are at risk for supply chain attack, companies are still slow to detect, remediate and respond to threats. On average, respondents from nearly all of the countries surveyed take close to 63 hours to detect and remediate a software supply chain attack, while the leading organisations aim to eject an adversary in less than two hours, also known as “breakout time,” according to prior CrowdStrike research. However, the study indicates that organisations are looking to adopt leading approaches to breach protection such as behavioral analytics, endpoint detection and response, and threat intelligence, with three quarters of respondents using or evaluating these technologies.

“Fast-moving, advanced threats like supply chain attacks require organisations to adopt new best practices in proactive security and incident response. Our Services team has been called in to support many companies that have suffered business-critical consequences as a result of these prevalent threats,” said Shawn Henry, president of CrowdStrike Services and chief security officer. “The new attack methods we see today call for coordinated, efficient and agile defences. CrowdStrike is supporting customers with a compelling combination of endpoint protection technology, expert services, and intelligence to uncover critical investigation information faster, accelerate incident response, and enable companies to get back to business as quickly as possible.”

According to Gartner, “Software- and hardware-based supply chain attacks are also trending up… Consequently, monitoring higher layers for behaviour indicative of an attack is crucial to obtain better protection against advanced adversaries. EDR capabilities are a prerequisite to enable behavioural-based attack detection.”[1]

CrowdStrike is the pioneer of cloud-delivered endpoint protection. Leveraging artificial intelligence (AI), the CrowdStrike Falcon® platform is the new standard for endpoint protection. Recently, the company was recognised as a Leader in The Forrester Wave™: Endpoint Security Suites, Q2 2018 report and was positioned the highest in ability to execute and furthest in completeness of vision in the Visionaries Quadrant of the 2018 Gartner Magic Quadrant for Endpoint Protection Platforms (EPP).[2]

[1] Gartner, Roadmap for Improving Endpoint Security, Published:19 June 2018 ID: G00343353, Analyst(s) Peter Firstbrook

[2]  Gartner, Magic Quadrant for Endpoint Protection Platforms, Published: 24 January 2018 ID: G00325704, Analyst(s): Ian McShane | Avivah Litan | Eric Ouellet | Prateek Bhajanka

0 0 vote
Article Rating
FacebookTweetLinkedIn
ShareTweetShare
Previous Post

Dust yourself off and try again: Ancient Solaris patch missed the mark

Next Post

IoT security – A barrier to deployment?

Subscribe
Notify of
guest
guest
0 Comments
Inline Feedbacks
View all comments

Recent News

game

400,000 customer details compromised in Resident Evil and Street Fighter gaming company ransomware attack

January 15, 2021

XSS vulnerability affects government websites

January 15, 2021

COVID-19 State of Remote Work Survey: 34% of Workers Felt Pressure to Return to the Office

January 15, 2021
CCTV used to spy

Ethics Officer Facing Cyberstalking Charge

January 15, 2021

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Women in Cyber 2020
    • Women in Cyber 2020 [SPONSORS]
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

More information
wpDiscuz
0
0
Would love your thoughts, please comment.x
()
x
| Reply
Privacy Settings / PENDINGGDPR Compliance

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Accept