Cyberattacks in global supply chain increasing, says survey

Cyberattacks in the supply chain are becoming increasingly widespread, with several in the industry being impacted by a ransomware attack originating from a software supply chain partner in the past year.

Canadian company OpenText released its third annual 2024 Global Ransomware Survey, which reveals the current state of ransomware attacks, including ransom payments, the impact of software supply chain attacks and generative AI. The report found that 62 per cent of respondents have been impacted by a ransomware attack.

With well-funded cybercriminals increasingly targeting software supply chains and harnessing generative AI to increase phishing attempts, businesses face a persistent struggle to stay ahead of evolving ransomware threats and the rising cost of attacks. Verizon’s 2024 Data Breach Investigations Report shows that the median loss associated with the combination of ransomware and other extortion breaches has been $46,000, ranging between $3 and $1,141,467 for 95 per cent of cases.

“SMBs and enterprises are stepping up their efforts against ransomware, from assessing software suppliers to implementing cloud solutions and boosting employee education. However, the increase in organizations paying the ransom only emboldens cybercriminals, fueling more relentless attacks,” said Muhi Majzoub, executive vice-president and chief product officer, OpenText. “Businesses must proactively defend against sophisticated threats like supply chain vulnerabilities and AI-driven attacks, while ensuring resilience through data backups and response plans, to avoid empowering the very criminals seeking to exploit them.”

The survey showed that 76 per cent of small and medium-sized businesses (SMBs) experienced a ransomware attack, while 70 per cent of large businesses had experienced one during the past year.

Of those who experienced a ransomware attack in the past year, 46 per cent paid the ransom and 31 per cent of their ransom payments were between $1 million and $5 million. At the same time, almost all (97 per cent) successfully restored their organization’s data.

A majority of survey respondents (91 per cent) are concerned about ransomware attacks on a company’s downstream software supply chain, third-party and connected partners.

Almost three-quarters of respondents (74 per cent), including those who have experienced a ransomware attack in the past year, have a formal process for assessing the cybersecurity practices of their software suppliers, while 26 per cent do not or don’t know.

Other key survey findings include:

  • Forty per cent of respondents have been impacted by a ransomware attack originating from a software supply chain partner, or don’t know whether they have.
  • Almost three-quarters of companies have experienced a ransomware attack this year, with more SMBs than large enterprises having experienced an attack.
  • Of the 48 per cent of respondents who have experienced a ransomware attack, 73 per cent have experienced a ransomware attack in the last year, only a quarter have not and two per cent don’t know.
  • Respondents experienced more phishing attacks due to the increased use of AI, especially among those who have experienced a ransomware attack.
  • More than half (55 per cent) of respondents said their company is more at risk of suffering a ransomware attack because of the increased use of AI among threat actors.
  • Almost half (45 per cent) of respondents have observed an increase in phishing attacks due to the increased use of AI. Of those who experienced a ransomware attack, 69 per cent have observed an increase in phishing attacks due to increased AI usage.
  • Cloud security is the cybersecurity area that respondents say their companies are investing in most (66 per cent).
  • In 2024, 62 per cent of SMB respondents are investing more in cloud security. In contrast, in 2023, 56 per cent invested more in cloud security. In 2022, only 39 per cent of SMB respondents were using cloud security solutions.
  • A majority of respondents (91 per cent) said their companies require employees to participate in security awareness or phishing training. Only nine per cent do not. In 2024, 66 per cent conducted at least a quarterly training.
