Organizations are increasingly finding serious cyber security issues in their software supply chain, according to a recent survey by BlackBerry. Just over three-quarters of respondents said that in the last 12 months they had discovered unknown participants within their software supply chain.
Eighty per cent of IT decision-makers said their organization had received notification of an attack or vulnerability in their software supply chain in the last 12 months, with the operating system and web browser creating the biggest impact.
Following a software supply chain attack, respondents reported significant operational disruption (59 per cent), data loss (58 per cent) and reputational impact (52 per cent), with nine out of ten organizations (90 per cent) taking up to a month to recover.
The survey of 1,500 IT decision-makers and cybersecurity leaders across Canada, the U.S., the United Kingdom, and Australia was released today, just before the start of the annual BlackBerry Security Summit.
The Summit begins this afternoon with a keynote speech by company chief executive officer John Chen, and continues Thursday with virtual sessions.
“While most have confidence that their software supply chain partners have policies in place of at least comparable strength to their own, it is the lack of granular detail that exposes vulnerabilities for cybercriminals to exploit,” commented Christine Gadsby, BlackBerry’s vice-president of product security.
“Unknown components and a lack of visibility on the software supply chain introduce blind spots containing potential vulnerabilities that can wreak havoc across not just one enterprise, but several, through loss of data and intellectual property and operational downtime, along with financial and reputational impact. How companies monitor and manage cybersecurity in their software supply chain has to rely on more than just trust.”
BlackBerry also made a series of product announcements this morning:
—Cyber Threat Intelligence, which will be delivered on a quarterly subscription basis, provides actionable intelligence on targeted attacks and cybercrime-motivated threat actors and campaigns. It will be tailored for industries, regions, and countries. It starts in December. No pricing was announced;
—BlackBerry UEM, its unified endpoint management suite, adds new APIs that the company says significantly reduce administrative overhead. There’s also stronger integration of all Google services from ChromeOS to Android, offering unified administration and an improved user experience. BlackBerry UEM will also offer greater eSIM integration;
—Coming improvements to CylanceProtect, CylanceOptics and CylanceGuard will give threat hunters a single-pane view of critical issues. There are also updates across triage and analysis workflows;
—CylanceGateway, a zero-trust network access suite, will soon provide data access and leakage visibility via a newly launched data loss detection module called CylanceAvert. Gateway will also add enhanced network anomaly detection to identify threats, broadened support for cloud workspaces and more granular access control.
BlackBerry said the Cylance portfolio improvements will be introduced later this year and early next year.