Black Hat released its Supply Chain and Cloud Security Risks Are Top of Mind survey. The report highlights important findings from more than 180 experienced cybersecurity professionals who reported concerns over attacks against cloud services, ransomware and the growing risks to the global supply chain.
IT environments change and threats evolve
2021 was the year of supply chain attacks, as organizations learned the various ways the global supply chain could be abused to compromise a large number of victims. When asked to think about the supply chain and relationships with vendors and customers, 53% of respondents named vulnerabilities in cloud or network services supplied to their enterprise by third-party providers as their greatest cybersecurity concern.
An equal number of respondents named vulnerabilities in the systems, applications and networks maintained by contractors, suppliers and customers. 34% of respondents listed vulnerabilities in off-the-shelf software or systems purchased from third parties among their top two concerns, while 26% said they were most concerned about vulnerabilities in commercial software or cloud services introduced by open-source components.
By comparison, in the 2021 Black Hat Attendee Survey, 60% were concerned about vulnerabilities in third-party systems and applications, 55% were concerned about vulnerabilities in cloud or network services and 47% were concerned about vulnerabilities in off-the-shelf software. In those results, 61% of security professionals showed clear concern over the vulnerabilities in Microsoft Exchange and other off-the-shelf applications.
Supply chain and cloud
When asked about the threats and challenges of greatest concern today, 39% of the Black Hat USA 2022 attendees surveyed cited phishing and other forms of social engineering, 35% said targeted sophisticated attacks, 28% said attacks on suppliers, contractors or other partners connected to the organization’s network and 26% said potential compromise of cloud service providers.
Ransomware has evolved over the years from encrypting data in exchange for ransom to sophisticated campaigns capable of destroying systems or wiping out data. 59% of respondents said they believe the ransomware threat to their organizations increased, not decreased, over the past two years.
Even with higher numbers of attacks, 96% of security professionals said they have been able to successfully block or minimize the impact of ransomware attacks against their organization over the past year.