The risks faced by the software supply chain have become a significant priority for organizations as cyber attackers increasingly exploit the gaps caused by digitalization, which has significantly increased the dependence of many businesses on services and third-party service providers offering cloud-based solutions.
In a recent survey conducted by the US-based Neustar International Security Council (NISC), 79% of security professionals said their organization's reliance on cloud-based solutions has increased compared to pre-pandemic, with 48% saying this dependency has "increased substantially." Similarly, 78% of the respondents reported increased dependency on cloud-based services (40% said this dependency was substantial), and 66% reported increased reliance on third-party service providers (27% reported that it was substantial). As a result, 76% of the respondents say they now view the risks faced by the supply chain as their highest security priority.
The reasons for the increase in dependency include the increasing digitalization rate of organizations (69% of those who confirm the rise in dependency), the need to rapidly scale up due to the growing demand for the organization's products and services (49%), and the lack of employees with the necessary in-house competence (39%).
Security experts continue to raise concerns about increased risks due to their closer integration with third-party partners. 73% of the respondents believe that they or their customers are exposed to security risks due to increased integration (24% of the respondents talk about "very large" risks). In addition, 77% say they are beginning to approach third-party partners more cautiously due to the Log4j vulnerability and recent attacks on service providers such as SolarWinds and Kaseya.
When asked how they felt about the way the Log4j problem was being handled, participants seemed to agree that the response to this situation, both internally and externally, was inadequate. Only 37% of the respondents believe their organization has fully resolved the vulnerability issues associated with Log4j; 43% agree that third-party partners are unsure whether they have resolved them, while 24% do not believe that third-party partners have completely solved these problems.
72% of the respondents stated that they did not trust the emergency plans they prepared in case critical service providers were exposed to potential attacks that interrupted the services and put their organizations at risk. In comparison, 24% stated that they did not trust the emergency plans, and 4% did not know what kind of action plans these organizations had.
In line with the earlier survey results, potential DDoS attacks continue to be the primary concern of the security experts in the May and June 2022 reporting period. DDoS attacks are named as the biggest threat by 22% of the participants, followed by system violations and ransomware at 19% and 18%, respectively.
Ransomware attacks, DDoS attacks, and targeted hacking are seen as the threats most likely to increase in the future, while impersonation of a vendor or customer, targeted hacking, and DDoS attacks are seen as the security risks that institutions focus on most.
While 85% of the participant businesses in the survey in July stated that they had been exposed to a DDoS attack before, 57% said they outsourced DDoS mitigation, and 62% said it usually took between 60 seconds and 5 minutes to initiate mitigation, in line with previous responses.
These results from the United States demonstrate that data and access security is essential in cybersecurity. Because the big data held by public institutions and private companies whets the appetite of cyber attackers, it is essential to protect sensitive corporate and personal data. Protecting these digital assets, which may be exposed after data breaches or offered for sale by hacker groups on the dark web, is closely linked to the data and access security measures to be taken. Privileged Access Management (PAM) solutions, which control, monitor, and log access to databases containing critical information, alleviate all of these concerns. By adding data masking methods to data security, PAM solutions can prevent the dangers that arise during potential cyber-attacks by controlling internal and external threats from authorized users.
You can put up a barrier against cyber risk with Single Connect, a comprehensive PAM product with solutions such as privileged session manager, dynamic password controller, two-factor authentication, data access management, dynamic data masking, and privileged task automation.
For detailed information about Single Connect, which is also included in the Privileged Access Management reports of the world's leading research companies such as Gartner, KuppingerCole, and Omdia, you can visit the webpage and contact us for more information.