Most global firms exposed to ransomware through supply chains

About four in five (79%) global IT leaders believe their partners and customers are making their own organisation a more attractive ransomware target, according to Trend Micro.

Sapio Research, commissioned by Trend Micro, polled 2,958 IT decision makers across 26 countries in May and June.

These include the United Kingdom, Belgium, Czech Republic, Netherlands, Spain, Sweden, Norway, Finland, Denmark, France, Germany, Switzerland, Austria, USA, Italy, Canada, Taiwan, Japan, Australia, India, Poland, Hong Kong, Mexico, Colombia, Chile, Brazil.

Findings show that the challenge is particularly acute considering that potentially less well-secured small and medium-sized businesses (SMBs) make up a “significant” portion of the supply chain for over half (52%) of these organisations.

A year ago, a sophisticated attack on a provider of IT management software led to the compromise of scores of MSPs and thousands of downstream customers. 

Yet, only 47% of organisations share knowledge about ransomware attacks with their suppliers. Additionally, 25% said they don’t share potentially useful threat information with partners.

This could be because organisations don’t have information to share in the first place. Detection rates were worryingly low for ransomware activities including ransomware payloads (63%); legitimate tooling such as PsExec and Cobalt Strike (53%); data exfiltration (49%); initial access (42%); and lateral movement (31%).

“We found that 52% of global organizations have had a supply chain organization hit by ransomware, potentially putting their own systems at risk of compromise”, said Bharat Mistry, technical director at Trend Micro. 

“But many aren’t taking steps to improve partner cybersecurity,” said Mistry. “The first step towards mitigating these risks must be enhanced visibility into and control over the expanding digital attack surface.”

The supply chain can also be exploited by attackers to gain leverage over their targets. Among organisations that had experienced a ransomware attack in the past three years, 67% said their attackers contacted customers and/or partners about the breach to force payment.