Supply chain attacks top threat over 12 months

March 2026 Information Security

Supply chain attacks have become the most prevalent cyberthreat confronting businesses over the past year, according to a new Kaspersky global study. The findings show that nearly one-third of companies worldwide experienced a supply chain threat in the past year.

According to recent data from the World Economic Forum, nearly two-thirds (65%) of large enterprises indicate third-party and supply chain vulnerabilities as their greatest barriers to cyber resilience in today’s interconnected digital landscape. A Kaspersky-commissioned global study examined how these risks are evolving and the extent to which businesses worldwide are exposed.

Kaspersky’s survey showed that 31% of enterprises globally had been impacted by a supply chain attack in the past 12 months, more than any other type of cyberthreat. The supply chain threat is acutely focused on the most connected organisations, with large enterprises reporting the highest rate of attacks experienced (36%) compared to counterparts in low- and mid-sized enterprises.

It is noteworthy that the same group of enterprises reports the highest mean number of software and hardware suppliers, managing around 100 suppliers on average, which creates a vast potential attack surface. On top of that, organisations admit to granting dozens of contractors access to their systems: enterprises at the low end average about 50 contractors, while at the high end the figure skyrockets to more than 130. This gives rise to another cyber risk that stems from digital interdependence: trusted relationship attacks, in which attackers might exploit legitimate connections between organisations.

Over the past year, trusted relationship attacks affected a quarter (25%) of companies globally. Organisations in Turkey (35%), Singapore (33%) and Mexico (31%) most frequently suffered attacks abusing existing connections between organisations.

“We are operating in a digital ecosystem where every connection, every supplier, every integration becomes part of our security profile,” comments Sergey Soldatov, head of security operations centre at Kaspersky. “As organisations grow more interconnected, their exposure to attacks grows with them. Against this landscape, protecting the modern enterprise now demands an ecosystem-wide approach that strengthens, not just individual systems, but the entire network of relationships that keep business operating.”

Only by implementing preventive measures across the organisation and approaching partnerships with suppliers and contractors strategically can companies reduce supply chain risks and ensure business resilience.

To mitigate such risks, Kaspersky recommends the following:

Thoroughly evaluate suppliers before entering a deal. Check their cybersecurity policies, information about past incidents and compliance with industry security standards. For software and cloud services, it is also recommended to review vulnerability data and penetration tests.

Implement contractual security requirements. Complete regular security audits, and ensure compliance with your organisation’s relevant security policies and incident notification protocols.

Adopt preventive technological measures. Implement security practices such as the principle of least privilege, zero trust and mature identity management to reduce damage if the supplier is compromised.

Ensure continuous monitoring. Use solutions for real-time infrastructure monitoring and anomaly detection in software and network traffic, depending on the availability of in-house staff capable of performing such monitoring.

Develop an incident response plan. Make sure it covers supply chain attacks and includes steps to quickly identify and contain breaches — for example, by disconnecting the supplier from company systems.

Collaborate with suppliers on security issues. Strengthen protection on both sides and make it a shared priority.

More recommendations, along with other findings on business exposure to supply chain attacks, are available here.








© Technews Publishing (Pty) Ltd. | All Rights Reserved.