Islamabad (TDI): Supply chain attacks have emerged as one of the most significant threats to businesses worldwide, with a recent study by Kaspersky revealing that one in three organizations experienced such an attack over the past year.
The study highlights that a shortage of qualified IT security professionals and the need for organizations to prioritize multiple security tasks are key factors exacerbating the risk, cited by 42% of respondents.
The survey identifies several barriers to mitigating supply chain and trusted relationship risks. Chief among them is the lack of skilled cybersecurity staff. Many organizations also struggle to manage competing security priorities, leaving potential vulnerabilities in supply chains unaddressed. Structural gaps were also noted: 39% of respondents said contracts with third-party providers lack clear IT security obligations, while 32% reported that non-IT staff often fail to fully understand these risks.
Globally, according to the survey, an overwhelming 85% of businesses admit their organizations need to upgrade protection against supply chain and trusted relationship risks, with only 15% of enterprises considering their current security measures effective.
Read More: Pakistan to Direct Surplus Food Exports to Gulf as Conflict Disrupts Supply Chains
At the same time, the results of the survey showed that current mitigation practices for third-party risks remain fragmented, with no way of protection getting more than 40% of current adopters. Even the most common protective measure, two-factor authentication, is used by only 38% of respondents. In addition, only 35% of organizations conduct regular reviews of contractors’ cybersecurity postures.
As a result, nearly two thirds of businesses lack ongoing visibility into the security of their partners, leaving them exposed to evolving vulnerabilities across their ecosystems.
It’s noteworthy, that companies that have already experienced supply chain and trusted relationship attacks, tend to adopt stronger security habits. Those hit by supply chain incidents are more likely to request penetration test results (56%), while victims of trusted relationship breaches prioritize checks on compliance with industry standards (56%) and their contractors’ own supply chain policies (53%).
“When security teams are overstretched, understaffed and have to prioritize urgent tasks over long term resilience priorities, organizations are left exposed to threats that can move silently through their provider ecosystem. To break this cycle, the industry needs to adopt more unified and consistent mitigation strategies, from standardized contractor assessments to stronger cross team awareness. Supply chain security should become a shared, enforceable responsibility across the entire business network,” comments Sergey Soldatov, Head of Security Operations Center at Kaspersky.
Read More: US Hosts Global Critical Minerals Summit to Strengthen Supply Chains
For mitigating such risks, Kaspersky recommends adopting managed security services. For organizations lacking dedicated cybersecurity resources, the best solution is to resort to outsourcing. Enhance the cybersecurity knowledge of your employees with practically-oriented self-guided or live Kaspersky Cybersecurity Training. These educational programs help security professionals advance their hard skills and protect companies against sophisticated attacks.
Thoroughly evaluate suppliers before entering a deal. Check their cybersecurity policies, information about past incidents and compliance with industry security standards. Contracts with suppliers should include specific information security requirements, such as regular security audits, compliance with your organization’s relevant security policies, and incident notification protocols. Collaborate with suppliers on security issues. More recommendations along with other findings on supply chain risks mitigation are available via the link.
Sohail Majeed
Sohail Majeed is a Special Correspondent at The Diplomatic Insight. He has twelve plus years of experience in journalism & reporting. He covers International Affairs, Diplomacy, UN, Sports, Climate Change, Economy, Technology, and Health.
