A faulty update by CrowdStrike triggered one of the largest IT outages in history, impacting approximately 8.5 million systems worldwide.
The incident served as a reminder of critical risks posed by global IT disruptions and supply chain weaknesses.
Kaspersky Security Bulletin 2024's 'Story of the Year' is centered on supply chain incidents and global disruptions.
Supply chain incidents from 2024 include CrowdStrike Linux outrages, XZ backdoor, Pager attack, JavaScript abuse, Cisco breach, Fortinet firewall vulnerabilities, among others.
Emerging threats include major AI provider failure, exploitation of on-device AI tools, cyberattacks on communication satellites, physical threats to the internet, kernel exploitation in Windows and Linux.
Awareness is the first step towards mitigating potential supply chain risks.
Regular updates should be rigorously tested before deployment and adopt granular updates to minimize disruptions.
Diversifying providers reduce single points of failure, enhancing system robustness.
Fostering a culture of responsibility among personnel improves human vigilance and is important for the system's security and stability.
Implementing stricter security measures, adopting a vigilant approach to project management, and maintaining careful oversight in regard to contributed projects also helps.