Software Supply Chain Attacks Have Increased Financial and Reputational Impacts on Companies Globally, New BlackBerry Research Reveals

BlackBerry · 06/06 12:00

BlackBerry study reveals more than 75 percent of software supply chains were exposed to cyberattacks in the last twelve months.

WATERLOO, ONTARIO – June 6, 2024—BlackBerry Limited (NYSE: BB; TSX: BB) today released the results of a global survey of 1,000 senior IT decision makers and cybersecurity leaders conducted in April 2024 by Coleman Parkes on the security of the global software supply chain. The BlackBerry study sought to identify the procedures companies currently use to manage and lower the risk of security breaches from their software supply chain, drawing comparisons to previous research conducted in October 2022.

Recovery After an Attack and Impact on the Business
After an attack, a little more than half of companies (51 percent) were able to recover from a breach within a week, a slight drop from 53 percent two years ago, while nearly 40 percent took a month, a slight increase from 37 percent before. Slightly less than three quarters of attacks (74 percent) came through members of the software supply chain that companies were either not aware of or not monitoring before the breach. This was despite insisting on data encryption (52 percent), security awareness training for staff (48 percent), and multi-factor authentication (44 percent).

"How a company monitors and manages cybersecurity in their software supply chain has to rely on more than just trust," explains Christine Gadsby, Vice President, Product Security, BlackBerry. "IT leaders must tackle the lack of visibility as a priority."

And that risk comes with a real price -- in financial loss (64 percent), data loss (59 percent), reputational damage (58 percent), and operational impact (55 percent).

Confidence Buoyed by Monitoring
More than two thirds of respondents (68 percent) were "very confident" that suppliers can identify and prevent a vulnerability. A slightly smaller percentage (63 percent) were "very confident" supply chain partners have adequate cybersecurity regulatory and compliance practices. That confidence stems from regular monitoring.

When asked how often they inventory their supply chain partners for cybersecurity compliance, 41 percent asked for proof every quarter. These compliance requests include showing a software bill of materials (SBOM) or a Vulnerability Exploitability eXchange (VEX) artifact. The biggest barriers to regular software inventories are lack of technical understanding (51 percent), lack of visibility (46 percent) and lack of effective tools (41 percent).

Telling the Consumer
With over 75 percent of software supply chains attacked in the last 12 months, what about the consumer/end user? Seventy-eight percent of companies are tracking the impact, but only 65 percent are informing their customers. When asked why not, the top two responses were concern about the negative impact on corporate reputation (51 percent) and lack of staff resources (45 percent).

"There is a risk that companies will be afraid of reporting attacks for fear of public shaming and damage to their corporate reputation," Gadsby notes. "Our research comes at a time of increased regulatory and legislative interest in addressing software supply chain security vulnerabilities."

Other Notable Statistics

  • Vulnerable components having the biggest impact for organizations
    • Operating system – 27 percent
    • Web browser – 21 percent
  • Expected time taken to be notified in the event of a supplier suffering a cyber breach
    • Within four hours – 34 percent
    • Within 24 hours – 46 percent
    • Within 1-3 days – 18 percent
  • Comparability of suppliers' cybersecurity policies
    • They are of comparable strength – 66 percent
    • They are stronger – 30 percent

Notes to editor: Research conducted in April 2024 by Coleman Parkes on behalf of BlackBerry, with 1,000 IT decision-makers and Cybersecurity professionals across North America (USA and Canada), the United Kingdom, France, Germany, Malaysia, and Japan.

###

About BlackBerry
BlackBerry (NYSE: BB; TSX: BB) provides intelligent security software and services to enterprises and governments worldwide. The company's software powers over 235M vehicles. Based in Waterloo, Ontario, the company leverages AI and machine learning to deliver innovative solutions in the areas of cybersecurity, safety, and data privacy solutions and is a leader in the areas of endpoint management, endpoint security, encryption, and embedded systems. BlackBerry's vision is clear - to secure a connected future you can trust.

For more information, visit BlackBerry.com and follow @BlackBerry.

Trademarks, including but not limited to BLACKBERRY and EMBLEM Design, are the trademarks or registered trademarks of BlackBerry Limited, and the exclusive rights to such trademarks are expressly reserved. All other trademarks are the property of their respective owners. BlackBerry is not responsible for any third-party products or services.

# # #

Media Contacts:
BlackBerry Media Relations
+1 (519) 597-7273
mediarelations@BlackBerry.com
