Supply chain attacks: Almost one in three companies affected
If corporate IT is too well protected, attackers specifically target suppliers. Almost 28 percent of companies are affected – many with noticeable consequences.
(Image: heise medien)
Attacks on the supply chain are developing into a significant security risk for German companies: Almost 28 percent of companies were affected by cyberattacks on their suppliers within twelve months or had a corresponding suspicion. This is according to a current study by the digital association Bitkom, for which more than 1000 companies across all sectors were surveyed.
Specifically, 9 percent of the surveyed companies stated that their suppliers were demonstrably victims of industrial espionage, sabotage, or data theft. Another 19 percent had a corresponding suspicion. The attackers exploit a classic vulnerability: Even if a company itself has implemented high security standards, attack vectors can arise through networked IT systems or business documents located with suppliers – for example, design plans.
Videos by heise
According to Bitkom, companies should not underestimate the consequences: 41 percent of companies whose suppliers were attacked felt concrete effects. These range from production downtimes and delivery bottlenecks to reputational damage. For almost half (49 percent), the attacks on suppliers had no direct impact on their own business.
"Attackers look for the weakest point. Especially with particularly well-protected companies, these are often less well-protected suppliers," Bitkom President Ralf Wintergerst explains. To improve cybersecurity, business partners along the supply chain must be sensitized, protective measures agreed upon, and jointly implemented.
Also critical: 15 percent of the surveyed companies do not know whether their suppliers were attacked – or did not want to provide information about it. Only 4 percent do not work with suppliers. The remaining 53 percent stated that there were no known attacks on their suppliers. The study can be found as a PDF in the press release of Bitkom.
(fo)
