The research conducted by BlackBerry at Infosecurity Europe 2024 highlights concerning trends in software supply chain security among UK organizations. According to the study, nearly 38% of organizations face prolonged recovery times of up to a month following attacks targeting their software supply chains. This underscores a critical vulnerability in cybersecurity preparedness across sectors.
Furthermore, a significant 74% of UK IT decision-makers reported receiving notifications of vulnerabilities or attacks in their software supply chains over the past year. Despite regulatory efforts to bolster resilience, such as the UK Government’s focus on enhancing digital supply chain security as part of the National Cyber Strategy, challenges persist. Keiron Holyome from BlackBerry notes a growing adoption of proactive monitoring among UK companies but highlights ongoing gaps in technical expertise and confidence to mitigate threats effectively.
The study also reveals that 75% of IT leaders expressed a need for tools to enhance visibility and inventory management of software libraries impacted by vulnerabilities. Gaps in technical understanding and a shortage of skilled talent hold back more frequent monitoring. Additionally, the frequency of software environment inventories varies significantly, with only 22% performing them in near-real time, indicating room for improvement in proactive security measures.
In terms of impact, UK organizations cited substantial consequences from software supply chain incidents, including financial loss (62%), data loss (59%), reputational damage (57%), and operational disruptions (55%). Operating systems and web browsers remain the key areas of concern, posing the highest risk of security breaches. Despite implementing security measures such as data encryption, staff training, and multi-factor authentication, organizations continue to struggle to mitigate software supply chain risks, which calls for continued vigilance and improvement in cybersecurity strategies.