Two-thirds of organizations acknowledge suffering supply chain attacks in 2017

• On an average, a respondent took 10 hours to detect an attack, 13 hours to react to it and 15 hours to respond.
• 90 percent of the respondents claimed to have incurred a financial cost, with an average cost of $1.1 million, due to supply chain attacks.

A new global survey, conducted by Vanson Bourne on behalf of CrowdStrike, has found two-thirds of companies across the world were hit by supply chain attacks in 2017, despite maintaining a proper defense strategy.

The survey included 1300 senior IT decision makers and security professionals in the US, Canada, UK, Mexico, Australia, Germany, Japan and Singapore. Of these 1300 respondents, 87 percent confirmed they had been hit by an attack despite having adopted a comprehensive security strategy.

Although organizations claimed to have security protocols in place, these proved ineffective in protecting them from attacks.

Respondents from nearly all countries spent close to 63 hours to detect and remediate an attack. On an average, a respondent took 10 hours to detect an attack, 13 hours to react to it, and 15 hours to respond. However US organizations were ahead of their counterparts in other regions, as their average response time was 12 hours.

The survey revealed that only 33 percent of the respondents considered supply chain attacks as cause for concern for their firms over the next 12 months. The report claimed that a majority of the supply chain attacks occurred due to general malware (which accounted for 57 percent). This was closely followed by phishing (50 percent) and password attacks (47 percent).

The survey also highlighted that these supply chain attacks resulted in 90 percent of the respondents incurring a financial cost, with an average cost of $1.1 million.

“It’s clear that supply chain attacks are becoming a business-critical issue, impacting topline relationships with partners and suppliers but organizations largely lack the knowledge, tools, and technology to be protected,” said Dan Larson, Crowdstrike VP of product marketing, SC Magazine reported. “Knowledge gaps and the lack of established standards to prevent complex supply-chain attacks are putting organizations at risk from a financial, reputational and operational perspective.”

On the bright side, the attacks have prompted some organizations to take a more proactive approach toward security. The survey shows that 44 percent of the respondents are planning to adopt artificial intelligence and machine learning as a solution to curb supply chain attacks in the next 12 months.