A new global study by Kaspersky found that a shortage of qualified IT security professionals and competing security priorities are among the leading challenges facing organisations in the Middle East, as supply chain and trusted relationship attacks emerge as a growing threat, with one in three businesses reporting an incident in the past year.

The survey showed that 44% of respondents cited a lack of skilled cybersecurity staff, while 42% pointed to the need to juggle multiple security tasks as key obstacles to mitigating risks.

It also highlighted the rising severity and frequency of such attacks, underscoring the need for organisations to address underlying gaps that hinder effective risk management.

According to the survey, one of the key barriers to reducing supply chain and trusted relationship risks is the lack of a qualified workforce. 

This shortage leaves organisations without the capacity to consistently access and monitor possible third-party vulnerabilities across their ecosystems. 

Among other primary obstacles, respondents noted the need to juggle multiple cybersecurity priorities. This reflects the fact that security teams are stretched across too many tasks at once, which might leave supply chain threats unaddressed.

Beyond resource constraints, respondents also point to structural issues: 34% say their contracts lack clear IT security obligations for contractors. Further 35% note that non-IT security staff often do not fully understand these risks.

Globally, according to the survey, an overwhelming 83% of businesses admit their organizations need to upgrade protection against supply chain and trusted relationship risks, with only 17% of enterprises considering their current security measures effective.

At the same time, the results of the survey showed that current mitigation practices for third-party risks remain fragmented, with no way of protection getting more than 41% of current adopters. Even the most common protective measure, two-factor authentication, is used by only 39% of respondents. 

In addition, only 41% of organizations conduct regular reviews of contractors’ cybersecurity postures. As a result, nearly two thirds of businesses lack ongoing visibility into the security of their partners, leaving them exposed to evolving vulnerabilities across their ecosystems.

According to Kaspersky, companies that have already experienced supply chain and trusted relationship attacks, tend to adopt stronger security habits. 

Global results have shown that those hit by supply chain incidents are more likely to request penetration test results (56%), while victims of trusted relationship breaches prioritize checks on compliance with industry standards (56%) and their contractors’ own supply chain policies (53%).

For mitigating such risks, Kaspersky recommends the following:

*Adopt managed security services. For organizations lacking dedicated cybersecurity resources, the best solution is to resort to outsourcing. Use such services as Kaspersky Managed Detection and Response (MDR) and / or Incident Response, which cover the entire incident management cycle – from threat identification to continuous protection and remediation.

*Invest in additional cybersecurity courses. Enhance the cybersecurity knowledge of your employees with practically-oriented self-guided or live Kaspersky Cybersecurity Training. These educational programs help security professionals advance their hard skills and protect companies against sophisticated attacks.

*Thoroughly evaluate suppliers before entering a deal. Check their cybersecurity policies, information about past incidents and compliance with industry security standards. For software and cloud services, it’s also recommended to review vulnerability data and penetration test results.

*Implement contractual security requirements. Contracts with suppliers should include specific information security requirements, such as regular security audits, compliance with your organization’s relevant security policies, and incident notification protocols.

*Collaborate with suppliers on security issues. Strengthen protection on both sides and make it a shared priority.

More recommendations along with other findings on supply chain risks mitigation are available via the link.

"When security teams are overstretched, understaffed and have to prioritise urgent tasks over long term resilience priorities, organisations are left exposed to threats that can move silently through their provider ecosystem. To break this cycle, the industry needs to adopt more unified and consistent mitigation strategies, from standardized contractor assessments to stronger cross‑team awareness," remarked Sergey Soldatov, Head of Security Operations Center at Kaspersky.

"Supply chain security should become a shared, enforceable responsibility across the entire business network," he stated.

"Only by implementing preventive measures across the organization and approaching partnerships with suppliers and contractors strategically can companies reduce supply chain risks and ensure the resilience of their business," he added.