However, most IT managers don’t consider supply chain as a top security risk, which exposes an additional weak spot to the cybercriminals
Indian IT managers are inundated with cyberattacks coming from all directions as cybercriminals exploit the weak links in security leading to supply chain or third-party vendor compromises, according to a new survey by global cybersecurity major Sophos.
While 27 per cent of Indian IT managers consider Internet of Things (IoT) as threats, 21 percent feel the internal staff are the top security risks.
However, alarmingly, only 24 percent of IT managers consider supply chain as a top security risk, exposing an additional weak spot that cybercriminals will likely add to their repertoire of attack vectors.
The survey polled 3,100 IT decision makers from mid-sized businesses in the US, Canada, Mexico, Colombia, Brazil, the UK, France, Germany, Australia, Japan, India and South Africa.
Supply chain attacks gaining momentum
“Cybercriminals are always looking for a way into an organisation, and supply chain attacks are ranking higher on their list of methods now,” Sunil Sharma, Managing Director (Sales), Sophos India and SAARC, said in a statement.
IT managers do not prioritise supply chain as a security risk because they consider these attacks are perpetrated by nation-states on high profile targets.
Sharma explained that while nation-states may have created the blueprints for these attacks, once these techniques are publicised, other cybercriminals often adopt them for their ingenuity and high success rate.
“Supply chain attacks are also an effective way for cybercriminals to carry out automated, active attacks, where they select a victim from a larger pool of prospects and then actively hack into that specific organisation using hand-to-keyboard techniques and lateral movements to evade detection and reach their destination,” Sharma added.
With cyberthreats coming from supply chain attacks, phishing emails, software exploits, vulnerabilities and insecure wireless networks, businesses need a security solution that helps them eliminate gaps and better identify previously unseen threats, the study suggested.