
Majority of Organizations Impacted by Software Supply Chain Attacks Over the Past Year, with Many Struggling to Detect and Respond

Rhea-AI Summary

A recent report from Synopsys Software Integrity Group and Ponemon Institute reveals that 54% of global organizations suffered software supply chain attacks in the past year.

Many struggle to detect and respond, with 50% taking over a month to react. AI usage in code generation is prevalent, yet only 32% evaluate AI-generated code for risks.

Alarmingly, only 39% of leaders are committed to reducing software supply chain risks, and resources are often insufficient. Notably, just 35% of organizations implement Software Bills of Materials (SBOMs), critical for security.

Open source exposure is high: 65% of respondents use open source software, but fewer than half say they secure it effectively.

Positive
  • 54% of organizations recognize the risk and are aware of software supply chain attacks.
  • AI tools like OpenAI Codex, ChatGPT, and GitHub Copilot are widely used, enhancing development efficiency.
  • 45% of security professionals report increased investment in software supply chain security post incidents like SolarWinds.
  • 50% of organizations use SBOMs for general dependency and vulnerability management.
Negative
  • 50% of organizations took more than a month to respond to software supply chain attacks.
  • One in five organizations is ineffective in detecting and responding to attacks.
  • Only 32% of organizations evaluate AI-generated code for license, security, and quality risks.
  • A mere 39% of leaders are highly committed to reducing software supply chain risks.
  • Only 38% find resources dedicated to securing the supply chain sufficient or very sufficient.
  • 65% of respondents use open source software, but fewer than half (47%) say they secure it effectively in the supply chain.

Insights

The findings from Synopsys and the Ponemon Institute underscore a critical issue: the fragility of software supply chains. The fact that 54% of organizations experienced a software supply chain attack in the past year points to a widespread vulnerability that needs urgent attention. One concerning aspect is the 50% of organizations taking over a month to respond to these attacks, highlighting significant gaps in their incident response strategies. This delay increases the potential damage, as attackers can exploit these windows of opportunity to deploy malware or steal sensitive data.

Another alarming statistic is that only 32% of organizations have processes to evaluate AI-generated code, despite the rising adoption of AI tools like OpenAI Codex, ChatGPT and GitHub Copilot. AI can streamline development, but it also introduces new risks, particularly if the generated code isn't scrutinized for security and quality.

Software Bills of Materials (SBOMs) are vital in maintaining transparency and security in the supply chain. However, with only 35% of organizations producing them, there's a clear lack of consistent practices. SBOMs help in identifying and managing dependencies and vulnerabilities, which is important given the pervasive use of open-source software, as noted by 65% of respondents.

For investors, this data indicates a growing market for robust cybersecurity solutions, particularly those focusing on supply chain security. Companies that can innovate in this space may see increased demand as organizations look to bolster their defenses.

The report from Synopsys and the Ponemon Institute not only highlights significant vulnerabilities in the software supply chain but also points to potential financial implications. When organizations delay response to attacks, the costs of breaches can escalate quickly. For instance, prolonged exposure can lead to more extensive data loss, regulatory fines and reputational damage, all of which can significantly affect an organization's financial health.

According to the report, only 38% of security professionals believe their organizations have sufficient resources dedicated to securing the supply chain. This suggests a potential increase in future cybersecurity spending. However, the slow adoption of critical measures like SBOMs and AI code evaluation processes indicates a gap that needs to be filled, representing a market opportunity for cybersecurity firms.

Investors should watch for companies that are proactively addressing these issues, as they are likely to perform better in the long term. Firms investing in comprehensive security measures may not only protect themselves better but could also save on costs associated with breaches and regulatory penalties.

Overall, this report suggests that the market for cybersecurity solutions, especially those targeting supply chain security, is likely to grow. Investors should consider companies with a strong focus on innovation in this area.

More than half (54%) of organizations surveyed suffered a software supply chain attack in the past year, according to a new report from Synopsys Software Integrity Group and Ponemon Institute

SUNNYVALE, Calif., May 16, 2024 /PRNewswire/ -- The majority of global organizations (54%) suffered a software supply chain attack over the past year, and most are unable to keep up with the growing risk landscape. This is according to "The State of Software Supply Chain Security Risk" report, released today by Synopsys, Inc. (Nasdaq: SNPS) and the Ponemon Institute, which also found that 50% of organizations took more than a month to respond to an attack. One in five say that their organization is not effective in its ability to detect and respond to these attacks.

The data also shows that AI is becoming ubiquitous across the software development life cycle. The majority of security professionals (52%) say their development teams leverage AI tools to generate code, specifically, OpenAI Codex (50%), ChatGPT (45%) and GitHub Copilot (43%). While the use of AI creates efficiencies by automating decision-making, findings indicate that concerningly few protections are put in place. Only a third (32%) of organizations have processes to evaluate AI-generated code for license, security, and quality risks.

Survey respondents also cited a worrisome lack of commitment from decision-makers when mitigating these issues. Only 39% say their organization's leaders are highly committed to reducing the risk of malware in software supply chains. Even though 45% of security professionals say supply chain compromises such as SolarWinds have led to increased investment in software supply chain security, only 38% say resources dedicated to securing the supply chain are sufficient or very sufficient.

"Supply chain attacks are becoming more prevalent across organizations globally, yet this report highlights the sustained weaknesses in existing software development processes and security standards," said Jason Schmitt, general manager, Synopsys Software Integrity Group. "Attackers are getting more sophisticated and thus finding more weaknesses that allow them to explore a supply chain where they can steal sensitive data, plant malware, and control systems. Particularly with the rise of AI-generated code, security teams need to maintain visibility into applications, and continuously evaluate IP, security threats, and code quality to reduce risk."

Additional key findings include:

  • Organizations forgoing SBOM implementation: Software Bills of Materials (SBOMs) are critical to ensuring a secure software supply chain but only 35% of security professionals say their organizations produce them. Furthermore, only 40% say they immediately stop the use of software if the supplier doesn't provide a requested SBOM. The main reasons organizations generate SBOMs are general dependency and vulnerability management (50%), industry regulations (39%), customer requirements (38%), and government requirements (38%).
  • Open source vulnerabilities remain a huge risk: Nearly two-thirds (65%) of respondents say they use open source software, although less than half of respondents (47%) say their organizations are very or highly effective in securing it in the supply chain.

To learn more, download a copy of "The State of Software Supply Chain Security Risks" report, read the blog post or register for the May 23 webinar.

Methodology
The survey collected responses from 1,278 IT and IT security practitioners who are in organizations that are committed to achieving a secure software supply chain and have some level of responsibility for their organizations' software supply chain security strategy. The regions and countries in this research are North America (613 respondents), EMEA (362 respondents), and Japan (303 respondents).

About the Synopsys Software Integrity Group  
Synopsys Software Integrity Group provides integrated solutions that transform the way development teams build and deliver software, accelerating innovation while addressing business risk. Our industry-leading portfolio of software security products and services is the most comprehensive in the world and interoperates with third-party and open source tools, allowing organizations to leverage existing investments to build the security program that's best for them. Only Synopsys offers everything you need to build trust in your software. Learn more at www.synopsys.com/software

About Synopsys  
Catalyzing the era of pervasive intelligence, Synopsys, Inc. (Nasdaq: SNPS) delivers trusted and comprehensive silicon to systems design solutions, from electronic design automation to silicon IP and system verification and validation. We partner closely with semiconductor and systems customers across a wide range of industries to maximize their R&D capability and productivity, powering innovation today that ignites the ingenuity of tomorrow.  Learn more at www.synopsys.com

Editorial Contact:  
Liz Samet
Synopsys, Inc.
336-414-6753
esamet@synopsys.com 

View original content to download multimedia: https://www.prnewswire.com/news-releases/majority-of-organizations-impacted-by-software-supply-chain-attacks-over-the-past-year-with-many-struggling-to-detect-and-respond-302146715.html

SOURCE Synopsys, Inc.

FAQ

What percentage of organizations suffered software supply chain attacks in the past year?

54% of organizations experienced software supply chain attacks in the past year.

How long do organizations typically take to respond to software supply chain attacks?

50% of organizations took more than a month to respond to software supply chain attacks.

What AI tools are commonly used in software development?

Commonly used AI tools in software development include OpenAI Codex, ChatGPT, and GitHub Copilot.

What percentage of organizations evaluate AI-generated code for risks?

Only 32% of organizations evaluate AI-generated code for license, security, and quality risks.

What is the level of commitment from leaders to reduce software supply chain risks?

Only 39% of leaders are highly committed to reducing software supply chain risks.

How many organizations produce Software Bills of Materials (SBOMs)?

35% of organizations produce Software Bills of Materials (SBOMs).

What percentage of organizations use open source software?

65% of organizations use open source software.

Are organizations effective in securing open source software in the supply chain?

Less than half (47%) of organizations are very or highly effective in securing open source software in the supply chain.

Has there been an increase in investment in software supply chain security?

Yes, 45% of security professionals report increased investment in software supply chain security following incidents like SolarWinds.

What are the main reasons for generating SBOMs?

The main reasons for generating SBOMs include general dependency and vulnerability management, industry regulations, customer requirements, and government requirements.
