
Businesses are under siege from a wave of cyberattacks that are growing in both sophistication and cost. Well-funded cybercriminals are targeting software supply chains and exploiting vulnerabilities to infiltrate networks and deploy ransomware. These attacks are even more dangerous with GenAI now in the fold, which is often being used to create highly convincing phishing emails and other social engineering tactics.
The financial toll of these attacks speaks for itself. According to Verizon's 2024 Data Breach Investigations Report, the median loss associated with ransomware and other extortion breaches reached $46,000. However, this figure hides the true extent of the damage, as 95% of cases fall within a wide range of $3 to $1,141,467. This means that some organizations are facing crippling financial losses, while others suffer from reputational damage and operational disruptions.
A worry among many businesses when it comes to protecting themselves from data breaches? The supply chain.
In fact, according to OpenText’s 2024 Global Ransomware Survey, supply chain attacks are widespread with 62% of C-level executives, security professionals and security and technical directors having been impacted by a ransomware attack originating from a software supply chain partner in the past year.
When a software supplier is compromised by ransomware, the malicious code is introduced into their products and affects numerous downstream customers. This leads to a cascading effect, as infected software is distributed and installed across various organizations, which exposes them to potential data breaches, operational disruptions and financial losses.
Also, if critical infrastructure or essential services rely on compromised software, the impact can be severe, potentially affecting entire communities or even entire nations. This highlights the systemic risk associated with ransomware attacks on software supply chains and underscores the importance of cybersecurity measures to protect against such threats.
“SMBs and enterprises are stepping up their efforts against ransomware, from assessing software suppliers to implementing cloud solutions and boosting employee education,” said Muhi Majzoub, Executive Vice President and Chief Product Officer, OpenText. “However, the increase in organizations paying the ransom only emboldens cybercriminals, fueling more relentless attacks.”
To mitigate this risk, 91% of respondents are focusing on downstream software supply chains, third-party and connected partners. In response to recent high-profile breaches, almost half are more concerned about being impacted and are considering vendor changes.
Despite these concerns, 26% still lack a formal process for assessing the cybersecurity practices of their software suppliers. This indicates a gap in their risk management strategies and highlights the need for improved due diligence in supply chain relationships.
Other steps organizations can take to protect themselves include implementing strong network security, employee training programs and regular security assessments. Organizations may also want to consider investing in insurance policies to mitigate the financial impact of a successful ransomware attack.
“Businesses must proactively defend against sophisticated threats like supply chain vulnerabilities and AI-driven attacks, while ensuring resilience through data backups and response plans, to avoid empowering the very criminals seeking to exploit them,” Majzoub added.
Edited by Alex Passett