Large companies with more than 2,500 employees emerge as prime targets.

Illustrative image - iStock

Digital supply chains: A fatal vulnerability threatening 31% of the world's companies

While major institutions tighten their digital defenses against direct attacks, "shadow hackers" have found an easier and more dangerous avenue: digital supply chains.

Breaching no longer requires confronting complex corporate defense systems. It suffices to infiltrate through a small technology supplier or service partner who possesses the legitimate "access key."

 This trusted partner then becomes a "backdoor" that undermines the infrastructure from within. Dr. Mohamed Mohsen Ramadan, Head of the Artificial Intelligence and Cybersecurity Unit at the Arab Center for Research, reveals a qualitative shift in cyber warfare strategies.

Third Parties

He believes that the increasing reliance on "third parties" has created a complex, interconnected technological environment. Attackers understand that compromising a supplier with access privileges is far easier than attacking the parent company. 

This is supported by statistics, as recent data shows that supply chain attacks topped the list of threats globally, affecting 31% of companies worldwide, while the Middle East region recorded 26%.

Ramadan added: Large companies with more than 2,500 employees stand out as prime targets, with a targeting rate reaching 36%, due to the complexity of their supplier networks, which can reach up to 130 contractors. 

Ramadan warned of the "trusted relationships" pattern, attacks that exploit legitimate communication channels between partners, making detection "almost impossible" because the attacker operates with a real identity and actual access privileges. This type of attack targeted 25% of companies globally.

(Illustrative image - iStock)

For his part, Major General Mahmoud El-Rashidi, former Assistant Minister of Interior for Information Security in Egypt, described this challenge as "digital genetic risks," referring to viruses or vulnerabilities that infiltrate an organization through software or hardware purchased from abroad.

El-Rashidi cited the World Economic Forum's Global Cybersecurity Outlook 2026 report, emphasizing that 46% of business leaders consider weak supplier controls a direct threat to cyber resilience.

A Digital Ecosystem

He stressed that security is no longer just about protecting an internal network, but rather managing an entire "digital ecosystem." To protect business stability, the Egyptian security official recommends a "zero trust" model, meaning not assuming trust in any user or device, even within the network, while defining the minimum necessary permissions and granting partners only the bare minimum of access.

He called for legal and security due diligence by including strict cybersecurity clauses in supplier contracts and conducting periodic assessments. Major General Al-Rashdi pointed out that building a "digital trust system" is no longer a technological luxury, but an existential necessity in an era where cyberattacks come from those closest to us technically.