The majority of software supply chains in the UK regularly face cyber threats as hackers exploit unguarded third party suppliers.

Designed to exploit weaknesses in third party suppliers, a software supply chain attack turns a trusted supplier into an unsuspecting Trojan horse. In recent years, collective awareness of cyber risk has grown, leading to widespread adoption of stronger safety measures. This has made direct attacks on large organisations more challenging. 

So, hackers have turned to enterprises’ supplier networks as a new source of vulnerabilities to exploit. Smaller software suppliers often have weaker security measures, making them easier targets. Once compromised, these suppliers’ software can be injected with malicious code, providing hackers with a way to breach their target from within.

The results can be catastrophic. According to a new report from BlackBerry, UK companies are especially likely to be at risk of cyberattack in their supply chain. 

“Unknown components and a lack of visibility on the software supply chain introduce blind spots containing potential vulnerabilities that can wreak havoc across not just one enterprise, but several, through loss of data and intellectual property, operational downtime along with financial and reputational impact,” commented Christine Gadsby, VP of Product Security at BlackBerry, in the report. “How companies monitor and manage cybersecurity in their software supply chain has to rely on more than just trust.”

BlackBerry’s report highlighted the 2020 hacking campaign which targeted a vulnerability in SolarWinds software and managed to penetrate US government departments including the Department of Homeland Security and part of the Pentagon. New research from BlackBerry highlights the extent of the problem for UK software supply chain security. 

UK firms battered by cybersecurity threats 

BlackBerry’s study found that four out of five software supply chains have been either notified of a vulnerability or the target of cyber attacks in the past year. 

Out of those who experienced an attack, 59% were operationally compromised, 58% lost data, 55% lost intellectual property, 52% suffered a perceived loss to their reputation, and 49% were hurt financially. 

Recovery times following an attack were also longer than ideal for many firms. Nine out of ten companies took up to a month for their operations to recover following a software supply chain attack. According to BlackBerry’s researchers, “the damage to reputation and brand lasts much longer.”

This data not only identifies an increase in attack frequency but also shows a greater financial impact compared with the data from 2022.

One alarming discovery from the report was the presence of hidden entities within software supply chains. According to BlackBerry, three in four businesses uncovered hidden entities in their supply chain, with over two-thirds (68%) of businesses having only recently identified these unknown participants.

This vulnerability typically arises as the result of gaps in regulatory and compliance processes. Troublingly, fewer than 20% of UK companies request security compliance evidence from suppliers beyond the initial onboarding stage.

Also, despite reporting high levels of confidence in their suppliers’ ability to identify and prevent vulnerabilities, few companies consistently verified compliance. This lack of verification and visibility, the report’s authors argue, leaves opportunities for cyber criminals to exploit.
