In December, the SolarWinds supply chain attack sent shockwaves around the world.
Hundreds of government agencies and private sector organizations were likely affected by the attack, believed to be orchestrated by Russian intelligence threat actors.
[If you are not familiar with the attack, read some of our past articles covering the SolarWinds attack.]
Now comes research that reveals a surging number of supply chain cyberattacks, like the one that caught SolarWinds.
Why are supply chain cyberattacks increasing?
The Identity Theft Resource Center (ITRC) just released its 2020 Data Breach Report, which contains a brief but crucial section on the supply chain.
"Supply chain attacks are increasingly popular with attackers since they can access the information of larger organizations or multiple organizations through a single, third-party vendor."
Think about that statement. One point of failure, one point of access, multiple attack pathways open to exploit. Attackers are looking for the weakest point in your supply chain in an effort to compromise your organization.
"Often, the organization is smaller with fewer security measures than the companies they serve."
Bingo.
How many supply chain cyberattacks occurred in 2020?
This chart, included in the report, details the rise of supply chain attacks in 2020:
Here are the supply chain cyberattack numbers that jump off the page:
- 694 entities affected
- 42,323,106 individuals impacted
The Identity Theft Resource Center says it is tracking a decrease in the number of random cyberattacks designed to catch any organization in its net, and a growing trend toward targeted attacks.
However, even as threat actors target organizations more frequently than consumers, that does not mean consumers are completely off the hook.
The ITRC sums it up like this:
"Our analysis does not suggest that consumers can relax as cybercriminals look elsewhere for quick, easy wins. Identity thieves still steal and misuse consumers' personal information even as the information they want and how they obtain it changes. That's why it's important for both individuals and organizations to follow good cyber-hygiene practices."
For more information about data breaches in 2020, you can read the ITRC's 2020 Data Breach Report in its entirety.
