BlackBerry study reveals more than 75 percent
of software supply chains were exposed to cyberattacks in the last
twelve months.
WATERLOO, ON, June 6, 2024 /PRNewswire/ -- BlackBerry Limited (NYSE:
BB; TSX: BB) today released the results of a global survey of 1,000 senior
IT decision makers and cybersecurity leaders conducted in
April 2024 by Coleman Parkes on the security of the global
software supply chain. The BlackBerry study sought to identify the
procedures companies currently use to manage and lower the risk of
security breaches from their software supply chain, drawing
comparisons to previous research conducted in October
2022.
Recovery After an Attack and Impact on the Business
After an attack, a little more than half of companies (51
percent) were able to recover from a breach within a week, a slight
drop from 53 percent two years ago, while nearly 40 percent took
a month, a slight increase from 37 percent before. Slightly less
than three quarters of attacks (74 percent) came through members of
the software supply chain that companies were either not aware of
or not monitoring before the breach. This was despite insisting on
data encryption (52 percent), security awareness training for staff
(48 percent), and multi-factor authentication (44 percent).
"How a company monitors and manages cybersecurity in their
software supply chain has to rely on more than just trust,"
explains Christine Gadsby, Vice
President, Product Security, BlackBerry. "IT leaders must tackle
the lack of visibility as a priority."
And that risk comes with a real price -- in financial loss (64
percent), data loss (59 percent), reputational damage (58 percent),
and operational impact (55 percent).
Confidence Buoyed by Monitoring
More than two thirds of respondents (68 percent) were "very
confident" that suppliers can identify and prevent a vulnerability.
A slightly smaller percentage (63 percent) were "very confident"
supply chain partners have adequate cybersecurity regulatory and
compliance practices. That confidence stems from regular
monitoring.
When asked how often they inventory their supply chain partners
for cybersecurity compliance, 41 percent asked for proof every
quarter. These compliance requests include showing a software bill
of materials (SBOM) or a Vulnerability Exploitability eXchange
(VEX) artifact. The biggest barriers to regular software
inventories are lack of technical understanding (51 percent), lack
of visibility (46 percent) and lack of effective tools (41
percent).
Telling the Consumer
With over 75 percent of software supply chains attacked in the
last 12 months, what about the consumer/end user? Seventy-eight
percent of companies are tracking the impact, but only 65 percent
are informing their customers. When asked why not, the top two
responses were concern about the negative impact on corporate
reputation (51 percent) and lack of staff resources (45
percent).
"There is a risk that companies will be afraid of reporting
attacks for fear of public shaming and damage to their corporate
reputation," Gadsby notes. "Our research comes at a time of
increased regulatory and legislative interest in addressing
software supply chain security vulnerabilities."
Other Notable Statistics
- Vulnerable components having the biggest impact for organizations
  - Operating system – 27 percent
  - Web browser – 21 percent
- Expected time taken to be notified in the event of a supplier suffering a cyber breach
  - Within four hours – 34 percent
  - Within 24 hours – 46 percent
  - Within 1-3 days – 18 percent
- Comparability of suppliers' cybersecurity policies
  - They are of comparable strength – 66 percent
  - They are stronger – 30 percent
Notes to editor: Research conducted in April 2024 by Coleman Parkes on
behalf of BlackBerry, with 1,000 IT decision-makers and cybersecurity
professionals across North America (USA and Canada), the United
Kingdom, France, Germany, Malaysia, and Japan.
About BlackBerry
BlackBerry (NYSE: BB; TSX: BB) provides intelligent security
software and services to enterprises and governments
worldwide. The company's software powers over 235M vehicles. Based in Waterloo, Ontario, the company leverages AI
and machine learning to deliver innovative solutions in the areas
of cybersecurity, safety, and data privacy solutions and is a
leader in the areas of endpoint management, endpoint security,
encryption, and embedded systems. BlackBerry's vision is
clear - to secure a connected future you can trust.
For more information, visit BlackBerry.com and follow
@BlackBerry.
Trademarks, including but not limited to BLACKBERRY and
EMBLEM Design, are the trademarks or registered trademarks of
BlackBerry Limited, and the exclusive rights to such trademarks are
expressly reserved. All other trademarks are the
property of their respective owners. BlackBerry is not
responsible for any third-party products or services.
Media Contacts:
BlackBerry Media Relations
+1 (519) 597-7273
mediarelations@BlackBerry.com
SOURCE BlackBerry Limited