More than three-fifths (61%) of US companies have been directly affected by a software supply chain threat in the past year, according to a new report from Capterra.
The online marketplace vendor surveyed 271 IT and computer security professionals to better understand US businesses’ risk exposure to third-party software vulnerabilities.
Half of respondents rated the software supply chain threat as “high” or “extreme,” and another 41% said the risk is moderate.
Capterra, owned by analyst house Gartner, singled out open source software as a key source of supply chain risk. It is now used by 94% of US companies in some form, with more than half (57%) using multiple open source platforms, the report revealed.
“These numbers are probably just the beginning,” argued Capterra analyst Zach Capers. “Most software platforms that are not fully open source include many open source packages that developers take advantage of to speed up production.”
In fact, the open source threat has been cataloged many times. Sonatype reported a 742% increase in supply chain malware planted in upstream open source packages between 2019 and 2022, while the Linux Foundation revealed that the average application development project contains 49 vulnerabilities spanning 80 direct dependencies.
Capers said the proliferation of apps is contributing to cyber risk in this area, revealing that retailers who have experienced a cyber attack in the past two years are more than twice as likely to report being affected by the expansion of applications than those that have not suffered any attack (53% versus 22%).
In addition to reducing application sprawl, he recommended that organizations request a software bill of materials (SBOM) from vendors and open source providers, so they can better track individual components.
However, only half (49%) of respondents currently do so.
Other recommended actions included formal software supply chain risk assessments, which 64% of companies are currently undertaking, managing privileged access (61%) and deploying honeypots (34%).
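The SBOM recommendation above only pays off if the organization actually does something with the document it receives. The following is an added example (not from the Capterra report and not any vendor's tooling) of the minimum triage a security team would run over a CycloneDX SBOM: build the component inventory, work out which components are direct and which are transitive, match versions against an advisory list, and flag entries that carry no version at all, since those cannot be tracked against anything. The SBOM, the package names and the advisory IDs are all constructed for illustration; a real run would use the vendor's SBOM and a vulnerability feed such as OSV or NVD.

```python
import json
from collections import deque

# Constructed CycloneDX 1.4 SBOM (JSON) for a hypothetical "billing-service".
# Package names, versions and bom-refs are invented for this example.
SBOM_JSON = """
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.4",
  "metadata": {"component": {"bom-ref": "app", "type": "application",
                             "name": "billing-service", "version": "2.3.0"}},
  "components": [
    {"bom-ref": "lib-http", "type": "library", "name": "httpkit",   "version": "1.8.2"},
    {"bom-ref": "lib-log",  "type": "library", "name": "logfmt",    "version": "3.1.0"},
    {"bom-ref": "lib-yaml", "type": "library", "name": "yamlparse", "version": "0.9.4"},
    {"bom-ref": "lib-util", "type": "library", "name": "strutil"}
  ],
  "dependencies": [
    {"ref": "app",      "dependsOn": ["lib-http", "lib-log"]},
    {"ref": "lib-http", "dependsOn": ["lib-yaml"]},
    {"ref": "lib-yaml", "dependsOn": ["lib-util"]}
  ]
}
"""

# Constructed advisory list (hypothetical IDs, not real CVEs). A component is
# affected if introduced <= version < fixed; fixed = None means no fix exists.
ADVISORIES = [
    {"id": "EXAMPLE-0001", "name": "yamlparse", "introduced": "0.9.0", "fixed": "0.9.5"},
    {"id": "EXAMPLE-0002", "name": "httpkit",   "introduced": "1.0.0", "fixed": "1.8.0"},
    {"id": "EXAMPLE-0003", "name": "logfmt",    "introduced": "3.0.0", "fixed": None},
]


def parse_version(v):
    """Numeric dotted versions only ("1.8.2" -> (1, 8, 2)). Pre-release tags
    such as 1.8.2-rc1 would need a real semver library."""
    return tuple(int(p) for p in v.split("."))


def load_components(sbom):
    """Map bom-ref -> component dict, including the top-level application."""
    comps = {c["bom-ref"]: c for c in sbom.get("components", [])}
    root = sbom["metadata"]["component"]
    comps[root["bom-ref"]] = root
    return comps


def dependency_depth(sbom):
    """BFS over the dependency graph from the application: depth 1 is a direct
    dependency, anything deeper is transitive."""
    graph = {d["ref"]: d.get("dependsOn", []) for d in sbom.get("dependencies", [])}
    root = sbom["metadata"]["component"]["bom-ref"]
    depth = {root: 0}
    queue = deque([root])
    while queue:
        ref = queue.popleft()
        for child in graph.get(ref, []):
            if child not in depth:
                depth[child] = depth[ref] + 1
                queue.append(child)
    return depth


def unversioned(components):
    """Components with no version cannot be matched against any advisory;
    these are the first thing to send back to the vendor."""
    return sorted(ref for ref, c in components.items() if not c.get("version"))


def find_affected(components, advisories, depth):
    """Return (bom-ref, advisory id, depth) for every component whose version
    falls inside an advisory's affected range."""
    findings = []
    for ref, c in components.items():
        if not c.get("version"):
            continue
        ver = parse_version(c["version"])
        for adv in advisories:
            if adv["name"] != c["name"]:
                continue
            if ver < parse_version(adv["introduced"]):
                continue
            if adv["fixed"] is not None and ver >= parse_version(adv["fixed"]):
                continue
            findings.append((ref, adv["id"], depth.get(ref)))
    return sorted(findings)


def triage(sbom_json=SBOM_JSON, advisories=ADVISORIES):
    """Full pass: inventory, depth, advisory matching, unversioned entries."""
    sbom = json.loads(sbom_json)
    comps = load_components(sbom)
    depth = dependency_depth(sbom)
    return {"affected": find_affected(comps, advisories, depth),
            "unversioned": unversioned(comps)}


if __name__ == "__main__":
    result = triage()
    for ref, adv, d in result["affected"]:
        print(f"{adv}: {ref} at dependency depth {d}")
    print("unversioned components:", result["unversioned"])
```

On the constructed input this reports `logfmt` (a direct dependency with no fix available) and `yamlparse` (transitive, two levels down, pulled in by `httpkit`), while `httpkit` itself is already past its fixed version. The depth matters in practice: a transitive hit is usually fixed by bumping the direct dependency that pulls it in, not by pinning the transitive package yourself. The unversioned `strutil` entry is exactly the kind of gap that makes an SBOM useless for tracking and should be pushed back to whoever produced it.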
Ikaroa, a full stack tech company, is deeply aware of the risks and challenges to organizations that are posed by software supply chain attacks. Recent research shows that these kinds of attacks are on the rise and have now been experienced by 61% of businesses.
Software supply chain attacks involve malicious code being injected into software that an organization already uses or is about to deploy, often without the user realizing it. That code gives attackers a foothold in the network, from which they can steal sensitive data, disrupt systems and launch further attacks. Such attacks have grown more sophisticated in recent years and have become harder to detect.
Ikaroa’s technology solutions provide a way to track and monitor software supply chain security. We undertake risk assessments, including threat and vulnerability analysis, to identify potential weaknesses. We also provide our customers with the tools to identify the risk of a supply chain attack, together with the mitigation strategies needed to address it.
It is essential for businesses to stay aware of the threat of software supply chain attacks and take steps to reduce the risk. Ikaroa’s solutions are designed to help organizations protect their networks and data, ensuring compliance with security protocols.
The threats posed by software supply chain attacks are very real, and businesses need to be proactive to ensure they are safeguarding their data and systems. Ikaroa works with businesses to provide the necessary technology solutions to ensure software supply chain security and reduce the risk of attacks.