Only 24% of information technology managers in India consider their supply chain networks as a security risk.
Such weak links are exploited by unethical hackers, leading to a compromise of third party vendor operations at the enterprise, according to UK-based cybersecurity firm Sophos.
IT managers don’t prioritise supply chain as a security risk because they look at such attacks as being carried out by state actors on more high profile targets but once these hacking blueprints are out in public, it doesn’t take too long for cybercriminals to adopt them, according to Sunil Sharma, director, Sophos India.
“Supply chain attacks are also an effective way for cybercriminals to carry out automated, active attacks where they select a victim from a larger pool of prospects and then actively hack into that specific organisation using hand-to-keyboard techniques and lateral movements to evade detection and reach their destination,” Sharma added.
Among other top security risks, 27% of the polled Indian IT managers identified Internet of Things (IoT) threats while 21% of them considered internal staff to be a threat.
The study also reported that 89% of Indian IT managers find it hard to hire employees skilled in cybersecurity, pushing India’s ranking to the highest in this regard among all 12 countries polled.
As many as 81% of Indian respondents also agreed that their cybersecurity budget, including people and technology, is lower than the requirements.
The findings were part of The Impossible Puzzle of Cybersecurity survey, which polled over 3,000 IT decision-makers from mid-sized businesses spread across six continents on their experiences with cyber-attacks at their enterprises.