Supply chain delays leave enterprises at risk

Continuing global supply chain disruption caused by the pandemic and the war in Ukraine is putting enterprises at increased risk from threats such as ransomware attacks, according to new research from Citrix.

The survey of 200 UK IT decision makers carried out by OnePoll finds 80 percent of security leaders believe that supply chain issues or delays have put their organization at increased risk from ransomware — for example, by being unable to replace unsupported hardware.

While 62 percent of organizations aim to refresh their hardware stack — including servers, networking equipment, data center racks, laptops, smartphones, and tablets — at least annually, 70 percent admit supply chain issues have delayed these attempts.

These delays have left 63 percent of affected organizations relying on devices within their IT inventory well after the manufacturer support period has ended. Over half (57 percent) of IT security leaders impacted by the delays admit they could be relying on devices where the support period expired up to a year ago.

Despite this, 93 percent report feeling confident in their organization’s contingency plans to deal with failures caused by unsupported hardware — for example, having plans for rapid migration to the cloud, to counter zero-day exploits that expose new attack surfaces.

Chris Mayers, chief security architect at Citrix, says:

The global supply chain crisis has had significant knock-on effects across all industries, with security leaders now feeling the impact as they seek to safeguard their organizations.

With key infrastructural hardware like networking and data center equipment underpinned by software, some of which is now unsupported, it’s critical that enterprises have a clear and robust networking perimeter. Built on a foundation of a virtualized cloud, such an architecture enables enterprises to contain new attacks and prevent the spread of the likes of malware and ransomware.

In addition, 70 percent believe their organization is being specifically targeted by cyberattackers in order to gain access to external systems and data, such as those in government or private enterprises.


Ian Barker
