
Supply chain attacks are now more costly than ever


Cyberattacks that exploit suppliers and partners to access a company's data are now more costly than ever, a new report from security firm Kaspersky suggests.

According to the paper, the average financial impact of a supply chain attack against an enterprise reached $1.4 million this year, making it the most expensive type of incident.

Over the past year, almost a third (28 percent) of European enterprises have suffered this type of attack. The volume hasn’t changed “significantly” compared to last year’s report (29 percent), but the financial impact has.

Once a company is breached, cybercriminals engage in all sorts of malicious behavior, the report suggests. The average financial impact across all types of cyberattack rose by almost a third (31 percent) year on year, hitting $1.1 million.

European enterprises lost an average of $2.1 million through cryptomining attacks, with ransomware attacks causing losses of $2.07 million on average. Inappropriate use of IT resources by employees rounded off the top three, with an average financial impact of $2.04 million.

To tighten security, businesses should set up effective endpoint protection with threat detection and response capabilities, Kaspersky advises. They should also consider managed protection services.

“Companies should grade their suppliers based on the type of work they do and complexity of access they receive (whether they deal with sensitive data and infrastructure or not), and apply security requirements accordingly,” said Evgeniya Naumova, Executive VP, Corporate Business at Kaspersky. 

“Companies should ensure they only share data with reliable third parties and extend their existing security requirements to suppliers. In the case of sensitive data or information transfers it means that all documentation and certifications (such as SOC 2) should be requested from suppliers to confirm they can work at such level. In very sensitive cases, additionally we recommend conducting a preliminary compliance audit of a supplier before signing any contract.” 

Sead Fadilpašić

Sead is a freelance journalist with more than 15 years of experience in writing various types of content, from blogs, whitepapers, and reviews to ebooks, and many more, across sites including Al Jazeera Balkans, TechRadar Pro, IT Pro Portal, and CryptoNews.