Supply chain leaving Aussie orgs at risk of ransomware

More than two-thirds (68%) of Australian organisations believe their supply chain partners and customers are making their own organisation a more attractive ransomware target, research commissioned by Trend Micro suggests.

A survey conducted for the company by Sapio Research of 107 IT decision-makers in Australia found that Australian organisations are increasingly at risk of ransomware compromise via their supply chains.

“We found that 48% of Australian organisations have had a supply chain organisation hit by ransomware, potentially putting their own systems at risk of compromise,” Trend Micro ANZ Technical Director Mick McCluney said.

But despite recognising the growing threat, many Australian organisations still aren’t taking steps to improve partner cybersecurity, the research found.

“The first step towards mitigating these risks must be enhanced visibility into and control over the expanding digital attack surface,” McCluney said.

Only 45% of Australian organisations are sharing knowledge about ransomware attacks with their suppliers and 25% indicated that they don’t share potentially useful threat information with partners, the research found.

Detection rates for threats such as ransomware (69%), data exfiltration (55%), as well as a threat actor’s initial access (53%) and lateral movement (33%) through a network also remain worryingly low, the research found.

Attackers are also increasingly leveraging the supply chain in their campaigns themselves, with 72% of organisations that have experienced a ransomware attack in the past three years indicating that their attackers had contacted partners and/or customers about the breach to force ransom payment.

Image credit: iStock.com/WhataWin