"Software Supply Chain Attacks Hit 61% of Firms"

Security researchers at Capterra have discovered that more than three-fifths (61%) of US businesses have been directly impacted by a software supply chain threat over the past year. The researchers polled 271 IT and IT security professionals to better understand the risk exposure of US companies to vulnerabilities in third-party software. Half of the respondents rated the software supply chain threat as "high" or "extreme," with another 41% claiming the risk is moderate. The researchers pointed to open source software as a key source of supply chain risk. It is now used by 94% of US companies in some form, with over half (57%) using multiple open source platforms. The researchers claimed that app sprawl is contributing to cyber risk, revealing that retailers that have experienced a cyberattack in the past two years are more than twice as likely to report being impacted by app sprawl as those that did not experience an attack (53% versus 22%). Alongside reducing app sprawl, the researchers recommended organizations request a software bill of materials (SBOM) from vendors and open source providers so that they can better track individual components. Yet only half (49%) of respondents are doing so currently.

Infosecurity reports: "Software Supply Chain Attacks Hit 61% of Firms"