• Home
• Technology

A recent global study by Kaspersky has revealed that the lack of qualified IT security personnel (44%) and the need for global organizations to prioritize various security tasks (42%) are major obstacles in mitigating supply chain and trusted relationship attacks in the Middle East.

The study highlights that supply chain attacks have emerged as a top threat, with one in three organizations experiencing such incidents in the past year. The survey identifies key barriers preventing businesses from successfully managing these risks, notably the shortage of skilled cybersecurity staff. This gap limits organizations’ ability to consistently monitor potential vulnerabilities among third-party providers.

Other primary challenges include stretched security teams balancing multiple priorities, unclear IT security obligations in contractor contracts (34%), and limited cybersecurity awareness among non-IT staff (35%). Globally, 83% of organizations acknowledge the need to improve protection against supply chain and trusted relationship risks, while only 17% believe their current measures are effective.

Current mitigation practices remain fragmented, with no single approach adopted by more than 41% of respondents. Even widely recommended measures such as two-factor authentication are used by just 39%, and only 41% regularly review the cybersecurity posture of their contractors. As a result, nearly two-thirds of companies lack ongoing visibility into their partners’ security, leaving them vulnerable to emerging threats.

Organizations previously affected by supply chain or trusted relationship attacks tend to adopt stronger practices, including requesting penetration test results (56%) and compliance checks with industry standards (56%).

Sergey Soldatov, Head of Security Operations Center at Kaspersky, commented:
“When security teams are overstretched and understaffed, organizations remain exposed to threats moving silently through their provider ecosystem. Supply chain security must become a shared responsibility enforced across the entire business network.”

Kaspersky recommends several measures to mitigate these risks:

Adopt managed security services such as Kaspersky Managed Detection and Response (MDR) or Incident Response.

Provide employees with practical cybersecurity training.

Evaluate suppliers’ cybersecurity policies and incident history before partnerships.

Implement contractual security obligations and regular audits.

Collaborate with suppliers to strengthen security across the ecosystem.

The study surveyed 1,714 technical experts across 16 countries, including Egypt, the UAE, Saudi Arabia, Germany, Spain, Italy, Brazil, Mexico, Colombia, Singapore, Vietnam, China, India, Indonesia, Turkey, and Russia.