Security breaches caused by the compromise of a software provider or other partner are causing businesses significant headaches, a new report from email security company GreatHorn suggests.
Also known as supply chain attacks, these incidents have affected three quarters of organizations, the majority (79%) of which suffered financial losses as a direct result, to the tune of $6.1 million on average.
“Truth is, it’s no longer enough to defend only your own organization’s attack surface. You also need to protect against phishing scams and network compromises within business partners up and down the supply chain,” wrote GreatHorn.
“Once attackers have gained access to supplier systems, they can gather intelligence to launch highly targeted spear phishing campaigns, or man-in-the-middle attacks, against your employees.”
What’s more, it appears supply chain attacks are becoming increasingly common, perhaps as a consequence of the high-profile SolarWinds attack, which first came to light in late 2020.
More than a third of the 250 security professionals surveyed by GreatHorn said the volume of supply chain attacks has increased dramatically within the last year, while 63% anticipate a further rise in 2021.
To shield against attacks of this kind, the report suggests, businesses should utilize technologies such as biometrics to improve upon identity management processes. Further, a focus on credential theft detection and behavioral analytics could help companies address issues at an earlier stage, limiting the potential damage.