However, alarmingly, only 24 per cent of IT managers consider supply chain as a top security risk, exposing an additional weak spot that cybercriminals will likely add to their repertoire of attack vectors.
The survey polled 3,100 IT decision makers from mid-sized businesses in the US, Canada, Mexico, Colombia, Brazil, the UK, France, Germany, Australia, Japan, India and South Africa.
"Cybercriminals are always looking for a way into an organisation, and supply chain attacks are ranking higher on their list of methods now. IT managers should prioritise supply chain as a security risk, but they don't because they consider these attacks are perpetrated by nation states on high profile targets.
"While it is true that nation states may have created the blueprints for these attacks, once these techniques are publicised, other cybercriminals often adopt them for their ingenuity and high success rate," Sunil Sharma, Managing Director (Sales), Sophos India and SAARC, said in a statement.
With cyberthreats coming from supply chain attacks, phishing emails, software exploits, vulnerabilities and insecure wireless networks, businesses need a security solution that helps them eliminate gaps and better identify previously unseen threats.
"Supply chain attacks are also an effective way for cybercriminals to carry out automated, active attacks, where they select a victim from a larger pool of prospects and then actively hack into that specific organisation using hand-to-keyboard techniques and lateral movements to evade detection and reach their destination," Sharma added.
( With inputs from IANS )