In a nutshell: 62 percent of companies were compromised through suppliers in 2023 – least privilege, network segmentation, and DevSecOps substantially reduce risk.
Supply-chain attacks increasingly threaten critical infrastructures such as hospitals. The ENISA Report 2023 shows that 62 percent of companies suffered at least one compromise via service providers in the past year.
The complexity of modern IT infrastructures significantly exacerbates the supply-chain challenge. Organizations now operate within a dense web of suppliers, APIs, and integrations. A single vulnerable partner can lead to far-reaching compromises, especially since security incidents spread faster through shared code, tokens, and cloud services than they can be traced. Price pressure on IT service providers and manufacturers worsens the situation: too much code is reviewed too little, too many configurations and features demand high concentration and ongoing updates, while speed and cost efficiency are still expected.
For CISOs, four concrete countermeasures are central. First, least-privilege principles: employees, partners, and software receive only the access rights they actually need. Second, network segmentation, which isolates third-party software and partner organizations so that the rest of the network and personal data stay protected if one supplier is compromised. Third, security checks integrated into the development lifecycle (DevSecOps), for example verifying that third-party code and build artifacts are unchanged, so tampering is detected early. Fourth, Security Operations Centers that monitor all environments (endpoints, networks, cloud, and mobile devices) with automated threat prevention.
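The third countermeasure, a DevSecOps check that detects tampering early, is illustrated by the following added example; it is not code from the article or from any project it mentions. It models a minimal dependency-integrity gate: every third-party dependency must be pinned to a known SHA-256 digest in a lock file, and the artifact the build actually fetches must match that digest. The package names, digests and file contents are constructed for the example, and the assumption is that the lock file was populated by a trusted reviewer when each dependency was added.

```python
"""Added example (not from the it-daily article): a minimal dependency
integrity gate of the kind a DevSecOps pipeline runs before a build uses
third-party code. Package names, digests and contents are constructed."""
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    package: str
    problem: str  # "digest_mismatch" | "unpinned" | "missing_artifact"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def verify_artifacts(lockfile: dict[str, str], artifacts: dict[str, bytes]) -> list[Finding]:
    """Compare fetched artifacts against pinned digests.

    lockfile:  package name -> expected SHA-256 hex digest (assumed to have
               been recorded by a trusted reviewer when the dependency was added)
    artifacts: package name -> raw bytes actually downloaded by the build
    Returns an empty list when the build may proceed.
    """
    findings: list[Finding] = []
    for name, data in artifacts.items():
        expected = lockfile.get(name)
        if expected is None:
            # Dependency pulled in without a pin: it cannot be verified at all.
            findings.append(Finding(name, "unpinned"))
        elif sha256_hex(data) != expected.lower():
            # Content differs from what was reviewed: possible tampering
            # upstream, at a mirror, or in transit.
            findings.append(Finding(name, "digest_mismatch"))
    for name in lockfile:
        if name not in artifacts:
            # A pinned dependency never arrived; the build is incomplete.
            findings.append(Finding(name, "missing_artifact"))
    return findings


def gate(lockfile: dict[str, str], artifacts: dict[str, bytes]) -> bool:
    """Pipeline gate: True only if every dependency verified cleanly."""
    return not verify_artifacts(lockfile, artifacts)


# Constructed sample: what the trusted review recorded in the lock file ...
GOOD_LIB = b"def helper():\n    return 42\n"
UTIL_LIB = b"def util():\n    return 'ok'\n"
LOCKFILE = {
    "good-lib": sha256_hex(GOOD_LIB),
    "util-lib": sha256_hex(UTIL_LIB),
}

# ... and what the build actually fetched: util-lib was altered after review,
# and an extra package appeared without any pin (constructed, not real packages).
FETCHED = {
    "good-lib": GOOD_LIB,
    "util-lib": b"def util():\n    return 'ok'  # altered\n",
    "surprise-lib": b"print('hello')\n",
}

if __name__ == "__main__":
    for f in verify_artifacts(LOCKFILE, FETCHED):
        print(f"BLOCK {f.package}: {f.problem}")
    print("build allowed:", gate(LOCKFILE, FETCHED))
```

The gate fails closed: an unpinned dependency is treated as a finding even though nothing is known to be wrong with it, because an artifact that cannot be compared against a reviewed digest offers no evidence either way. Real package managers provide the same check (for example hash-pinned lock files), and the point of wiring it into the pipeline is that a mismatch stops the build rather than surfacing in a report nobody reads.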
The attacks themselves cannot be completely prevented, but their consequences can be minimized. In the future, agentic AI systems will automate risk management by mapping dependencies and monitoring third-party compliance. However, this hyperconnectivity also increases exposure: compromised code libraries and API tokens can spread faster than incident response can keep pace. CISOs must therefore actively shape and monitor the trust relationships between their organizations and external partners.
Source: www.it-daily.net · Published June 4, 2026
Lumi AI News — AI-assisted curation pursuant to Art. 50 EU AI Act. Paraphrasing and classification by Lumi News Pipeline v1.2.9.