'Potentially unsecured' SMBs are propping up an IT supply chain riddled with ransomware

More than half of IT supply chains have been impacted by ransomware attacks in recent years and organisations are failing to implement the necessary steps to prevent future damage

New research has shown that more than half of global organisations have had their supply chains impacted by potentially unsecured SMBs falling victim to ransomware attacks. 

Security firm Trend Micro’s report showed that 52% of supply chains have been affected by the threat, and the vast majority of those surveyed (90%) feel that their partners, customers, or both are making them a “more attractive target” for attacks.

The same proportion of organisations that were affected by ransomware attacks in their supply chains (52%) also said that those supply chains are “very significantly” or “significantly” propped up by SMBs that may be prone to exercising less secure cyber practices.

Despite this, Trend Micro observed that organisations are reluctant to work with their partners to improve security throughout the supply chain.

“We found that 52% of global organisations have had a supply chain organisation hit by ransomware, potentially putting their own systems at risk of compromise”, said Bharat Mistry, technical director at Trend Micro.

“But many aren’t taking steps to improve partner cyber security,” he added. “The first step towards mitigating these risks must be enhanced visibility into and control over the expanding digital attack surface.”

Only 47% of organisations share information about ransomware attacks with partners or suppliers, and this figure falls even lower, to 25%, when it comes to general threat information, the survey results showed.

This led to around one in six (15%) IT leaders reporting that they couldn’t be sure if their partner or supplier had ever suffered a ransomware attack.

Ransomware has topped the list of cyber security threats to businesses for around five years but, according to Trend Micro, on average 31% of organisations still don’t feel adequately protected against the threat.

Most other metrics were largely similar across regions, but confidence in organisations’ cyber security posture varied substantially from region to region.

Hong Kong was the region with the most confidence in its organisations’ cyber security resilience. Across the 102 respondents from the region, an average of just 18% were unconvinced about their security posture, despite the region reporting the greatest proportion of organisations that experienced a ransomware attack in the last three years (83%).

Other regions were more aware of the situation, such as Norway, where 58% of the 105 surveyed organisations reported a lack of confidence in their cyber security resiliency.

This was a more accurate reflection, given that 75% of its organisations reported at least one ransomware attack in the past three years - a figure that placed it on the upper end of average compared to other nations.

Trend Micro said that “there is no silver bullet when it comes to reducing ransomware risk in the supply chain”, but there are several important steps that businesses aren’t currently taking.

“The key is first to gain a comprehensive understanding of the supply chain itself and corresponding data flows so that high-risk suppliers can be identified,” it said. 

“They should be regularly audited where possible against industry baseline standards. And similar checks should be enforced before onboarding new suppliers.”

Implementing security controls such as least-privilege policies for all devices and services, enabling multi-factor authentication (MFA), scanning open source components for security flaws before building them into CI/CD pipelines, and performing regular back-ups, among others, can all go a long way towards making an organisation more cyber resilient.
