Businesses around the world are facing a growing danger from supply chain attacks, with every third company reporting an incident in the past year. A new Kaspersky study shows that a shortage of skilled cybersecurity staff and unclear security responsibilities with partners are leaving organizations more exposed than ever to these hidden digital threats.
The Kaspersky survey sheds light on the growing challenge of supply chain and trusted relationship risks. Nearly half of the respondents (approximately 42%) blamed the lack of qualified cybersecurity workers and the pressure of juggling multiple priorities as key barriers to improving security.
Structural problems also play a role. About 39% of organizations reported that contracts with contractors do not clearly define IT security obligations, while 32% said non-IT staff often do not fully understand these risks. As a result, many businesses remain exposed to evolving threats within their partner networks.
Globally, 85% of organizations admitted they need to improve protection against these risks, while only 15% considered their current measures effective. Common security practices like two-factor authentication are used by just 38% of businesses, and only 35% regularly review contractors’ cybersecurity standards.
To mitigate such risks, Kaspersky recommends adopting managed security services. For organizations lacking dedicated cybersecurity resources, the best solution is to outsource. Use services such as Kaspersky Managed Detection and Response (MDR) and/or Incident Response, which cover the entire incident management cycle, from threat identification to continuous protection and remediation. Enhance the cybersecurity knowledge of your employees with practically oriented self-guided or live Kaspersky Cybersecurity Training. These educational programs help security professionals advance their hard skills and protect companies against sophisticated attacks.
Companies that have already experienced supply chain attacks tend to take security more seriously. These organizations are more likely to request regular penetration tests, ensure their suppliers follow industry standards, and closely review the cybersecurity measures of their partners.

