BlackBerry Commissioned Research Reveals Four in Five Software Supply Chains Exposed to Cyberattack in the Last 12 Months

Rhea-AI Summary

BlackBerry Limited (NYSE: BB) released findings at its Security Summit, revealing that 80% of IT decision-makers experienced software supply chain attacks in the past year. A staggering 77% identified unknown participants in their supply chains, highlighting vulnerabilities. The survey showed that 59% faced operational disruptions, 58% data loss, and 52% reputational damage post-attack. Furthermore, 71% of respondents desired improved inventory tools, and 72% favored government oversight for enhanced cybersecurity in open-source software.

Positive

• BlackBerry's research positions the company as a thought leader in cybersecurity.
• The call for improved government oversight suggests potential growth opportunities for cybersecurity solutions.

Negative

• Four in five IT decision makers reported software supply chain attacks, indicating a critical cybersecurity landscape.
• Operational disruptions and data loss from attacks may affect BlackBerry's reputation and client trust.

• 77% of businesses uncovered hidden participants in their software supply chain that they were not previously aware of
• 72% call for greater government oversight of open-source software to increase cyber protection

NEW YORK, Oct. 26, 2022 /PRNewswire/ -- BlackBerry Limited (NYSE: BB; TSX: BB) today revealed new research at the 9^th annual BlackBerry Security Summit, exposing the magnitude of software supply chain cybersecurity vulnerabilities in today's organizations. Four in five (80%) IT decision makers stated that their organization had received notification of attack or vulnerability in its supply chain of software in the last 12 months, with the operating system and web browser creating the biggest impact. Following a software supply chain attack, respondents reported significant operational disruption (59%), data loss (58%) and reputational impact (52%), with nine out of ten organizations (90%) taking up to a month to recover.

The results come at a time of increased U.S. regulatory and legislative interest in addressing software supply chain security vulnerabilities.

The survey of 1,500 IT decision makers and cybersecurity leaders across North America, the United Kingdom and Australia revealed the significant challenge of securing software supply chains against cyberattack, even with rigorous use of recommended measures such as data encryption, Identity Access Management (IAM) and Secure Privileged Access Management (PAM) frameworks. Despite enforcing these measures across partners, more than three-quarters (77%) of respondents had, in the last 12 months, discovered unknown participants within their software supply chain that they were not previously aware of and that they had not been monitoring for adherence to critical security standards.  

"While most have confidence that their software supply chain partners have policies in place of at least comparable strength to their own, it is the lack of granular detail that exposes vulnerabilities for cybercriminals to exploit," said Christine Gadbsy, VP, Product Security at BlackBerry. "Unknown components and a lack of visibility on the software supply chain introduce blind spots containing potential vulnerabilities that can wreak havoc across not just one enterprise, but several, through loss of data and intellectual property and operational downtime, along with financial and reputational impact. How companies monitor and manage cybersecurity in their software supply chain has to rely on more than just trust."

Results also revealed that while, on average, organizations were found to perform a quarterly inventory of their own software environment, they were prevented from more frequent monitoring by factors including a lack of skills (54%) and visibility (44%). In fact, 71% said they would welcome tools to improve inventory of software libraries within their supply chain and provide greater visibility to software impacted by a vulnerability. Similarly, 72% were in favor of greater governmental oversight of open-source software to make it more secure against cyber threats.

In the event of a breach, 62% of respondents agree that speed of communications is paramount and 63% would prefer a consolidated event management system for contacting internal security stakeholders and external partners. Yet only 19% have this kind of communications system in place. Multiple systems are in place with the remaining 81%, despite only 28% of respondents saying that they need to tailor communications to different stakeholder groups.

For more information on how BlackBerry's comprehensive, prevention-first, AI-driven cybersecurity solutions can help your business prepare for, prevent, detect and respond to cyber threats, please visit BlackBerry.com.

Notes to editor: Research conducted in October 2022 by Coleman Parkes on behalf of BlackBerry, into 1,500 IT Decision Makers and Cybersecurity professionals across North America (USA and Canada), the United Kingdom and Australia.

About BlackBerry
BlackBerry (NYSE: BB; TSX: BB) provides intelligent security software and services to enterprises and governments around the world.  The company secures more than 500M endpoints including over 215M vehicles.  Based in Waterloo, Ontario, the company leverages AI and machine learning to deliver innovative solutions in the areas of cybersecurity, safety and data privacy solutions, and is a leader in the areas of endpoint management, endpoint security, encryption, and embedded systems.  BlackBerry's vision is clear - to secure a connected future you can trust. 

BlackBerry. Intelligent Security. Everywhere.  

For more information, visit BlackBerry.com and follow @BlackBerry.

Trademarks, including but not limited to BLACKBERRY and EMBLEM Design are the trademarks or registered trademarks of BlackBerry Limited, and the exclusive rights to such trademarks are expressly reserved.  All other trademarks are the property of their respective owners.  BlackBerry is not responsible for any third-party products or services.

Media Contacts:
BlackBerry Media Relations
+1 (519) 597-7273
mediarelations@BlackBerry.com

View original content to download multimedia:https://www.prnewswire.com/news-releases/blackberry-commissioned-research-reveals-four-in-five-software-supply-chains-exposed-to-cyberattack-in-the-last-12-months-301657657.html

SOURCE BlackBerry Limited

FAQ

What percentage of organizations reported supply chain attacks in the last 12 months?

80% of organizations experienced notifications of attacks or vulnerabilities in their software supply chains.

What did the latest BlackBerry research reveal about unknown participants in software supply chains?

77% of IT decision-makers found unknown participants within their software supply chains.

What operational impacts did companies face following supply chain attacks?

Companies reported 59% operational disruption, 58% data loss, and 52% reputational impact.

How many organizations would welcome better inventory tools for software supply chains?

71% of respondents expressed a desire for tools to improve inventory in their software supply chains.

What is the significance of the BlackBerry research on government oversight of software security?

72% of survey respondents called for greater government oversight of open-source software to enhance cybersecurity.