Kaspersky Identifies Ongoing Supply Chain Attack

In March 2026, a Kaspersky study found supply chain attacks were the most common cyberthreat businesses faced over the prior 12 months, yet only 9% of organisations ranked them as a top concern.

To mitigate the risks associated with software supply chain attacks, Kaspersky recommends organisations adopt the following security measures:

• Audit software supply chains: Before authorising third-party applications for corporate environments, evaluate the vendor’s security track record, review their vulnerability disclosure data, and verify their compliance with industry security standards.
• Enforce strict procurement protocols: Mandate regular security audits for all deployed software and ensure any tools utilised by employees comply with the organisation’s internal security policies and incident notification requirements.
• Restrict administrative privileges: Implement preventive frameworks, such as the principle of least privilege and zero-trust architecture. Limiting user access rights significantly reduces the potential blast radius if a trusted application is compromised and attempts to execute unauthorised commands.
• Deploy continuous infrastructure monitoring: Kaspersky recommends utilising Extended Detection and Response (XDR) solutions, such as the Kaspersky Next product line. These tools provide real-time monitoring to identify anomalies in network traffic or unauthorised actions originating from implicitly trusted software.
• Update incident response playbooks: Ensure organisational security strategies explicitly account for supply chain breaches. Playbooks must include predefined steps to rapidly identify, contain, and disconnect compromised third-party applications from internal systems.