That New Attack Method? It’s Working.
We’ve discussed the rise of supply chain ransomware attacks on the blog recently. As a reminder, in this kind of attack an organization isn’t hit directly; instead, its vendors or suppliers are targeted, and data belonging to multiple companies is affected. The 2019 CrowdStrike Global Security Attitude Survey delved into this issue and found that 77% of respondents experienced some form of supply chain attack in 2019, up from 66% in 2018.
When an attack on an organization’s data happens outside the bounds of its network, leadership and users can be left feeling helpless. And this helpless feeling may be contributing to the increase in ransoms paid. According to the CrowdStrike survey, companies are making the decision to pay the requested ransom to recover their data. In 2018, only 14% of organizations paid a ransom demand after a supply chain attack. In 2019, that number jumped to 40%!
One positive change noted in the study is that organizations are taking this threat seriously and taking steps to mitigate it. More organizations have a comprehensive strategy in place (52%, up from 34% in 2018). More businesses are vetting new and existing vendors’ security practices (45%, up from 32% in 2018). The downside is that if the business model is working (and it is if ransom payments are up), we are likely to see more of these attacks.
Cyber Safety Tip: Vet your vendors.
It’s on the data owner to ensure that their vendors are practicing good security. Ask them about their security policies, and if they don’t meet your standards, you have a few options: ask them to revisit their policies, reconsider how much information you will share with them, or find another company that meets your needs.