A survey of C-Suite Executives shows increased awareness of supply chain attacks by businesses
It’s been two years since the SolarWinds supply chain attack, but it’s still fresh in the minds of many business executives. It serves as a painful reminder that you can do everything right to shore up your company’s security, yet all it takes to get breached is one weak link in your supply chain.
It won’t, therefore, come as a surprise that a lot of executives are living in constant fear of being targeted through their supply chain.
CloudBees recently surveyed C-suite executives working in different positions, and 82% of those interviewed admitted to being either ‘somewhat more concerned’ or ‘much more concerned’ about falling victim to supply chain attacks than they were in 2019, before the two unforgettable cyber attacks.
According to the survey, CEOs are more concerned than any other role, including CISOs and CIOs, about the likelihood of being hit through a software supply chain attack.
The survey further reports that the executives’ trust in their software supply chain has waned over a period of 1 year. In a similar survey in 2021, only 5% of the respondents believed they were vulnerable to a supply chain attack. In contrast, 12% of the respondents in the recent survey believe they are vulnerable to a supply chain attack.
Surprisingly, even with the increased awareness of these forms of attacks, a worrying number of executives admitted to not knowing who to engage in case they became aware of an active attack.
In the UK, only half of the executives knew who to engage in case of a cyber incident, and the trend was similar in just about all other surveyed countries. Australia was the only exception, with 71% of the respondents saying they knew who to contact.
This revelation underlines the importance of having a digital and physical copy of your incident response playbook, as cybersecurity experts have recommended on countless occasions.
As cases of cyber attacks, especially ransomware, continue to increase, it’s critical that everyone involved in a business knows how to respond and who to engage.
On the bright side, the survey has also helped shed light on where the priorities of business executives lie: more than three quarters said that security and compliance is their top concern, coming even before the speed with which business can happen. They did, however, add that compliance and security challenges, such as completing compliance audits and assessing risks and defects, were consuming valuable company time that could have been used to innovate.
Speaking on the report, CloudBees CISO Prakash Sethuraman says that the survey results are an indicator that the software security and compliance landscape needs to be redesigned so that the process is continuous and does not derail innovation.
“These survey findings underscore the urgent need to transform the software security and compliance landscape,” Prakash said. “While shift left is a popular talking point, it is not yielding the desired results. Instead, it is further burdening development teams and taking their attention away from value-added work. What’s needed is a new mindset and a fresh approach, one in which security and compliance are continuous and actually speed innovation.”