More than three in five companies were targeted by software supply chain attacks in 2021, according to a recent survey by Anchore. The survey of 428 executives, directors, and managers in IT, security, development, and DevOps found that the organizations of nearly a third of the respondents (30%) were either significantly or moderately impacted by a software supply chain attack in 2021. Only 6% said the attacks had a minor impact on their software supply chain.
The survey bracketed the discovery of the vulnerability found in the Apache Log4 utility. Researchers conducted the survey from December 3 to December 30, 2021. Log4j was revealed December 9. Before that date, 55% of respondents said they had suffered a software supply chain attack. After that date, that number jumped to 65%.