Over Half of Global Firms’ Supply Chains Compromised by Ransomware

Trend Micro research reveals visibility challenges as attack surface expands

HONG KONG SAR - Media OutReach - 7 September 2022 - Trend Micro Incorporated (TYO: 4704; TSE: 4704), a global cybersecurity leader, today that reveals global organizations are increasingly at risk of ransomware compromise via their extensive supply chains.

To read the report, please visit https://www.trendmicro.com/explore/glrans

Trend Micro commissioned Sapio Research in May and June 2022 to poll 2,958 IT decision makers across 26 countries. The research revealed that 79% of global IT leaders believe their partners and customers are making their own organization a more attractive ransomware target. The challenge is particularly acute considering that potentially less well-secured SMBs make up a "significant" portion of the supply chain for over half (52%) of these organizations.

A year ago, a sophisticated attack on a provider of IT management software led to the compromise of scores of MSPs and thousands of downstream customers. Yet only 47% of organizations share knowledge about ransomware attacks with their suppliers. Additionally, 25% said they don't share potentially useful threat information with partners.

This could be because organizations don't have information to share in the first place. Detection rates were worryingly low for ransomware activities including:

• Ransomware payloads (63%)
• Legitimate tooling e.g., PSexec, Cobalt Strike (53%)
• Data exfiltration (49%)
• Initial access (42%)
• Lateral movement (31%)

"We found that 52% of global organizations have had a supply chain organization hit by ransomware, potentially putting their own systems at risk of compromise", said Bharat Mistry, Technical Director at Trend Micro. "But many aren't taking steps to improve partner cybersecurity. The first step towards mitigating these risks must be enhanced visibility into and control over the expanding digital attack surface."

The supply chain can also be exploited by attackers to gain leverage over their targets. Among organizations that had experienced a ransomware attack in the past three years, 67% said their attackers contacted customers and/or partners about the breach to force payment.

Hashtag: #TrendMicro

About Trend Micro

Trend Micro, a global cybersecurity leader, helps make the world safe for exchanging digital information. Fueled by decades of security expertise, global threat research, and continuous innovation, Trend Micro's cybersecurity platform protects hundreds of thousands of organizations and millions of individuals across clouds, networks, devices, and endpoints. As a leader in cloud and enterprise cybersecurity, the platform delivers a powerful range of advanced threat defense techniques optimized for environments like AWS, Microsoft, and Google, and central visibility for better, faster detection and response. With 7,000 employees across 65 countries, Trend Micro enables organizations to simplify and secure their connected world. www.trendmicro.com.hk

• Prev
• Next