“Naïve” Australian companies know supply chains create security problems, but aren’t fixing them

Issues with the security of supply-chain partners will be one of the biggest security threats CISOs face in coming years, a security expert has warned as new figures revive concerns that “naïve” Australian companies are failing to factor cybersecurity into their purchasing and vetting procedures.

Just a third of respondents to CrowdStrike’s Securing the Supply Chain study – which polled 1300 senior IT decision makers and IT security professionals worldwide – said they were concerned about supply-chain attacks.

Only 18 percent said they faced a high risk of attack via their supply chain, yet around two-thirds admitted that their organisation still had work to do before it could defend against supply-chain attacks. The third who named supply-chain attacks as a concern trailed well behind the half who named phishing or spear phishing and the 46 percent who were concerned about ransomware.

Underestimating exposure to supply-chain vulnerabilities – whether they come from business partners or from software suppliers – is a problem not only because of the direct risk of compromise, but because of the follow-on business disruption that can result when a compromise occurs for reasons outside the organisation's direct control.

“It’s interesting to see that everyone thinks it’s an issue but nobody is acting on it,” CrowdStrike vice president of technology strategy Michael Sentonas told CSO Australia.