Over Two-Thirds of Security Professionals hit by Software Supply Chain Attack

63% of security professionals from the US, Europe, and Asia-Pacific have been victims of software supply chain attacks over the last 2 years.

According to Checkarx’s research, 18% were hit in the last year.

Similarly, 56% of respondents indicated that their organisational applications include open source code packages, with three-quarters expressing significant concern about the security of their software supply chains.

Amit Daniel, chief marketing officer at Checkmarx commented: "We have seen more attacks on the open source ecosystem in the last two years than ever before with over 385,000 malicious packages detected to date by our own Checkmarx security research team."

The report reveals that although enterprise AppSec leaders are increasingly prioritising software supply chain security, their progress remains slow

Nearly six in ten respondents mentioned that software supply chain security was a prioritising focus, with 54% planning to use or investigating the use of a solution, and eight in ten said finding a solution is a top priority.

Oseloka Obiora, CTO of RiverSafe, commented: "The complexity of supply chains, built on intricate digital connections, makes them an inherent security risk. A supply chain is only as strong as its weakest link and if all parties aren’t monitoring and managing their security risks then each connection becomes vulnerable.”

“To combat this, security teams need to have effective network visibility, through observability, to monitor the conditions of their network and infrastructure based on data outputs. This can alert security teams to suspicious activity, allowing them to identify and prevent breaches before they damage the entire supply chain. Greater visibility can allow these teams to monitor the “unknowns” within their supply chain network and enable them to better prepare for technical issues and unexpected activity, especially across distributed IT systems.”