Kaspersky Recommendations to Mitigate Supply Chain Cyber Risks

KHADAMATY-NEW
A new global study by Kaspersky has identified critical challenges facing organizations in managing supply chain and trusted relationship risks, with respondents in the Middle East citing a lack of qualified IT security professionals (44%) and competing cybersecurity priorities (42%) as the most significant barriers.
The findings highlight the growing complexity of cybersecurity environments, where organizations struggle to balance multiple security tasks while maintaining visibility over third-party risks.
Supply Chain Attacks Emerge as a Major Threat
According to the study, supply chain attacks have become one of the most pressing threats to businesses worldwide. Alarmingly, one in three organizations reported experiencing such an attack over the past year, underscoring both the frequency and severity of these incidents.
This surge in attacks emphasizes the urgent need for organizations to reassess their cybersecurity strategies and strengthen their defenses against increasingly sophisticated threats.
Workforce Shortage Limits Risk Visibility
One of the key barriers identified in the report is the shortage of skilled cybersecurity professionals. This gap significantly limits organizations’ ability to continuously monitor and assess vulnerabilities within their partner ecosystems.
In addition, security teams are often overburdened with multiple responsibilities, reducing their capacity to address supply chain risks effectively and leaving critical gaps in protection.
Structural Gaps and Lack of Awareness Persist
Beyond resource constraints, the study highlights structural weaknesses within organizations. Around 34% of respondents stated that their contracts lack clearly defined IT security requirements for contractors, while 35% indicated that non-IT staff do not fully understand cybersecurity risks.
These gaps create additional vulnerabilities, particularly when organizations rely heavily on external vendors and partners.
Most Organizations Acknowledge Need for Stronger Protection
Globally, 83% of businesses admit they need to improve their protection against supply chain and trusted relationship risks. However, only 17% believe their current cybersecurity measures are effective.
Despite this awareness, mitigation strategies remain fragmented. No single security practice is adopted by more than 41% of organizations. Even widely recognized measures such as two-factor authentication are used by only 39% of respondents.
Furthermore, only 41% of companies conduct regular cybersecurity assessments of their contractors, leaving nearly two-thirds without continuous visibility into partner security practices.
Organizations Hit by Attacks Adopt Stronger Measures
The study also found that companies that have previously experienced supply chain or trusted relationship attacks tend to adopt more robust security practices.
For example, 56% of affected organizations request penetration testing results from partners, while the same percentage prioritize compliance checks with industry standards. Additionally, 53% assess contractors’ own supply chain security policies more rigorously.
Call for Unified and Proactive Security Strategies
Commenting on the findings, Sergey Soldatov, Head of Security Operations Center at Kaspersky, emphasized that overstretched and understaffed security teams are forced to prioritize immediate threats over long-term resilience.
He stressed the importance of adopting unified and consistent mitigation strategies, including standardized contractor assessments and improved cross-team awareness.




