
Majority of large businesses caught up in supply chain attacks last year


The majority of large enterprises (64 percent) suffered a software supply chain attack last year, according to a report from security company Anchore.

Based on a poll of IT, security and DevOps leaders at 425 companies, the report states that the use of software containers is on the rise thanks to the widespread use of DevOps processes to speed up development. It claims that two-thirds (65 percent) of organizations run a “significant number” of applications in containers. 

While the tech industry may spearhead this adoption, traditional industries are quickly jumping on board too, the report said.

One of the key advantages of containers is the ease with which software can be packaged during development, but there are caveats: multiple open-source and third-party dependencies may create additional supply chain risks. Almost two in five (38 percent) advanced users said containerized apps are riskier than traditional applications.

The risks aren’t stopping these organizations, though. A significant majority (84 percent) plan to increase their container use, with close to a third (29 percent) planning on increasing container use “significantly”. 

Identifying vulnerabilities, too many false positives and time spent fixing issues are the three key challenges, the report concluded.

“This report highlights that 60 percent of respondents have made securing the software supply chain a top initiative for 2022,” said Dan Nurmi, CTO and Co-Founder of Anchore.

“This is critical as software supply chain attacks rise in frequency and intent. It’s an important reminder that now is the time for IT leaders, security executives and members of the C-suite to empower their teams to implement new practices and tools that secure the software supply chain.” 

Sead Fadilpašić

Sead is a freelance journalist with more than 15 years of experience in writing various types of content, from blogs, whitepapers, and reviews to ebooks, and many more, across sites including Al Jazeera Balkans, TechRadar Pro, IT Pro Portal, and CryptoNews.