Software Supply Chain attacks in industry

Breaking News: Software Supply-Chain Attacks Now the Greatest Threat

June 3, 2025 – Düsseldorf (OTS) – The European cyber security authority Enisa has identified software supply-chain attacks as the most significant threat, necessitating immediate action for industrial IT and OT (Operational Technology) systems. The number of such incidents in the EU has more than doubled since 2020, placing the spotlight on the vulnerability of smart systems.

The escalation in cyber threats has largely impacted German industry. External components, software libraries, and firmware updates have become prime entry points for malicious attacks. Cyber security experts warn that these vulnerabilities can then be passed down the supply chain, potentially affecting end customers.

Industry Responds with Urgent Calls to Action

Jan Wendenburg, CEO of Düsseldorf-based cyber security company Onekey, emphasizes, “Cybersecurity must cover the entire value chain to be effective.” Onekey’s Product Cybersecurity & Compliance Platform (OCP) is already witnessing a surge in demand for security checks on embedded systems.

For these systems, regularly monitoring and updating firmware is crucial, especially in long-term operational environments like industrial plants and IoT devices. However, the complexity and scope of global supply chains add to the challenge, making proactive security measures indispensable.

The Economic and Security Impact

According to Cybersecurity Ventures, the annual economic impact of supply chain attacks could reach $80 billion. Two-thirds of EU companies have faced issues with compromised suppliers. Enisa’s recent reports place these attacks among the top five threats to industrial IT and OT systems.

The risk extends to Germany’s highly internationalized economy, which relies heavily on imported parts for production. Jan Wendenburg underscores that “every piece of software and each pre-product represents a potential threat.”

Addressing Security Gaps in Embedded Systems

Open source components, prevalent in firmware stacks, pose significant risks. The Log4Shell case in 2021 serves as a cautionary tale, demonstrating how one software component can compromise millions of applications.

Companies are looking to platforms like Onekey’s OCP, designed to rapidly check firmware for vulnerabilities. These automated checks are vital, especially given that such checks have often been considered difficult or impossible with traditional methods in the industry.

The Future of Cybersecurity

Gartner forecasts that by 2026, over 45% of companies will encounter cyber incidents via their supply chains. The expanding integration of industrial IoT systems and autonomous production lines amplifies this risk.

To comply with legal mandates like the Radio Equipment Directive EN18031 and the EU Cyber Resilience Act, manufacturers must ensure robust cybersecurity measures. Automated platforms like the OCP simplify this process, reducing both risk and bureaucratic overhead.

The imperative is clear: Companies must proactively assess software in embedded systems, irrespective of their origin. This holistic approach to cybersecurity is no longer an option; it is a necessity for safeguarding digital infrastructure.
