cxo voice
  • Home
  • Technology
    • AI
    • Cloud
    • Telecom
    • Data Center
    • BPM
    • Blockchain
  • Finance
    • Banking
  • Cyber Security
  • View Points
  • Leaders Talk
  • News
  • Press Release
    • Submit Press Release
No Result
View All Result
  • Home
  • Technology
    • AI
    • Cloud
    • Telecom
    • Data Center
    • BPM
    • Blockchain
  • Finance
    • Banking
  • Cyber Security
  • View Points
  • Leaders Talk
  • News
  • Press Release
    • Submit Press Release
No Result
View All Result
Leaders Talk and Latest Tech News | CXO VOICE
No Result
View All Result
Home News Cyber Security

Supply Chain Attacks – The Open Source Effect

Harish Kumar by Harish Kumar
January 3, 2023
Supply Chain Attacks – The Open Source Effect

Image Credit: Pixabay

The accelerated digital transformation over the past few years and the pressing demand for remotely administered, agile, and scalable networks have accelerated moves to the cloud, which allows flexibility in scale and resource management while enabling accessibility from anywhere. The vibrant nature of cloud-based infrastructure breaks traditional network boundaries but presents various new challenges, making traditional security systems inefficient. While cloud infrastructure continues to be adopted by more organizations, businesses are not the only ones who have recognized the potential of the cloud. In recent years, there has been an unprecedented rise in the scale and sophistication of software supply chain attacks. From the SolarWinds software supply-chain attack to the exposed Apache Log4j vulnerability, threat actors have trained their sights on this space, targeting critical vulnerabilities in both cloud providers and supply chains. 

Cloud computing in itself has seen multiple vulnerabilities in recent times – and as organizations continue to adopt the cloud, with 35% running more than 50% of their workloads on the likes of Azure, AWS, and GCP, they struggle to manage the complexity of securing their cloud infrastructures across multiple cloud platforms, while also suffering a cyber-skills and knowledge shortage according to the Check Point 2022 Cloud Security Report. 

The global report, based on a survey of 775 cyber security professionals, also revealed that cloud security incidents were up 10% from the previous year, with 27% of organizations now citing misconfiguration, way ahead of issues like exposed data or account compromise. 

Here in India, according to the Check Point Threat Intelligence Report, an organization in India is being attacked on average 1798 times per week in the last 6 months, compared to 1126 attacks per organization globally, a worrying trend of increased cyberattacks. 

The evolution of this, it seems, has seen cybercriminals take supply chain attacks to the cloud arena. We saw evidence of this in March when the notorious ransomware gang Lapsus$ released a statement claiming to have gained access to Okta, an identity management platform, by obtaining access to an administrative account. Okta is a cloud-based software used by thousands of companies to manage and secure user authentication processes. Developers also use it to build identity controls. This means that hundreds of thousands of users worldwide could have been compromised by the Lapsus$ attack.

Exactly how many, however, is open to discussion. The hackers themselves claimed to have gained access to 95% of Okta’s clients, while Okta suggested just 2.5% of user details were compromised. Either way, the incident should be a warning sign for the potential risks posed by supply chain attacks.

ADVERTISEMENT

What puts a supply chain at risk? 

The industry has seen increasing cyber attacks that leverage weak supply chain methodologies. Currently, the most prominent supply chain risk that organizations are exposed to comes from open-source software. This is because the open-source community provides many modules and packages regularly adopted by businesses worldwide, including those within your supply chain.

The problem with open-source, however, is that it is inherently insecure. That is partly because it is written by individuals who may lack the expertise or budget to make them completely safe. The other issue with open-source code comes down to ownership. After all, once a package is released to the community, it is impossible to determine who owns it and who is responsible for maintaining it.

This creates a chink in your security architecture because the open-source packages that you import may have dependencies that you are simply not aware of. That is exactly what happened with NotPetya: an evolution of a pretty standard string of malware, NotPetya managed to infiltrate systems across the globe by relying on a piece of widely used open-source accounting software. This meant that it spread like wildfire, causing chaos in Ukraine and several major countries, including the U.K., France, Germany, Russia, and the U.S.

The ubiquity of open-source software and code means that it can be hard for organizations to know if either they or their suppliers are vulnerable to such attacks. It makes the supply chain an attractive target for cybercriminals who will invest time and resources into these attacks on the understanding that by breaching one system, they can quickly access many more.

How can you prevent potential attacks?

So far, in 2022, we have seen a seismic shift in the cloud threat landscape as more and more threat actors target critical vulnerabilities in both cloud providers and supply chains. What does this mean for your business, and how can you avoid this growing threat?

Unfortunately, when it comes to your cloud provider, no matter who you choose, their platform will have vulnerabilities. You could conduct all the research in the world and call on the know-how of the industry’s best experts, but you cannot control the security of your chosen provider’s platform.

So, if we cannot prevent a breach within cloud providers themselves, what can organizations do to protect themselves? We help provide some salient steps to take : 

Multi-Layered Security: The answer lies in creating multiple overlapping layers of security that help to reduce your exposure to risk. Organizations tend to build security mitigations as a single protection-control point, and attackers will try to evade such. Security implementation that assumes the first tier may fail and enforces multiple layers will have a greater chance of surviving a sophisticated cyber attack. This means that even if a vulnerability in your cloud provider were to be exploited, you have a robust enough security ecosystem to ward off attacks and mitigate any potential fallout.

Adopting a zero-trust security mindset: A starting point to help organizations protect themselves is to adopt a zero-trust security mindset. That way, even if there is a breach, your business data is protected, containing any threat posed by a cloud-based attack and ensuring that it cannot spread within your own systems

Automate DevSecOps: Automation in the cloud is key – it is important to ensure the ease of use and support for automation at every stage of the security and development process. The earlier organizations enable security in the development cycle, the more they can reduce the risk and cost of mistakes. Another way businesses can ensure the virtual doors to their network remain firmly locked is to automate their DevSecOps, ensuring that security operations can be deployed in real-time and fully aligned with other business objectives. For example, Check Point CloudGuard includes automated security tools for developers in order to ensure that all code is secured from the outset before being deployed. It scans infrastructure-as-code and source code to eliminate threats at the earliest phase.

With the sheer velocity of malware and ransomware variants, the widespread growth of enterprise-connected and personal devices, and the hybrid work model, it is nearly impossible for traditional human-created models to provide holistic and up-to-date security that would detect threats such as the Apache Log4j vulnerability exploit and supply chain attacks. 

Also Read: Top Technology Trends to Watch in 2023

Harish Kumar

Harish Kumar

Head, Enterprise at Check Point Software Technologies, India & SAARC

Related Posts

Amazon to Invest Over $4 Billion to Launch Infrastructure Region in Chile
Press Release

Amazon to Invest Over $4 Billion to Launch Infrastructure Region in Chile

May 9, 2025
Johnson & Johnson Medtech
Press Release

Johnson & Johnson Medtech Partners with Qure.ai to Boost Early Detection of Lung Cancer

May 9, 2025
Ant International and Barclays
Finance

Ant International and Barclays Partner to Revolutionize Global Treasury Management with Advanced AI Technology

May 7, 2025
Microsoft Farmbeats
Technology

Microsoft and National FFA Expand FarmBeats for Students Program to Enhance Agricultural Education Across the U.S.

May 7, 2025
CEOs on AI
AI

CEOs Bet Big on AI: Navigating the Hurdles to Unlock Its Power

May 7, 2025
Asus TUF 500
Technology

Unleash Your Gaming Potential with the ASUS TUF Gaming Compact Desktop

May 6, 2025
IBM Lumen
Business

Revolutionizing AI: Lumen Technologies and IBM Partner to Unlock Scalable AI for Businesses

May 6, 2025
IBM Oracle
AI

IBM and Oracle Join Forces to Advance Agentic AI and Hybrid Cloud

May 6, 2025
Load More
ADVERTISEMENT

Latest Updates

Amazon to Invest Over $4 Billion to Launch Infrastructure Region in Chile

Amazon to Invest Over $4 Billion to Launch Infrastructure Region in Chile

by News Desk
21 hours ago

Johnson & Johnson Medtech

Johnson & Johnson Medtech Partners with Qure.ai to Boost Early Detection of Lung Cancer

by Businesswire Desk
21 hours ago

Ant International and Barclays

Ant International and Barclays Partner to Revolutionize Global Treasury Management with Advanced AI Technology

by News Desk
3 days ago

Microsoft Farmbeats

Microsoft and National FFA Expand FarmBeats for Students Program to Enhance Agricultural Education Across the U.S.

by News Desk
3 days ago

CEOs on AI

CEOs Bet Big on AI: Navigating the Hurdles to Unlock Its Power

by Deepa Sharma
3 days ago

Oracle Oracle APSSDC

Oracle Partners with APSSDC to Empower 400,000 Students in Andhra Pradesh with Cutting-Edge Digital Skills Training

by News Desk
3 days ago

Expert Views

Molly Sands AI
AI

AI RIP: 5 Things Knowledge Workers Will Say ‘Sayonara’ to in the Next Decade

March 8, 2025
multi cloud
Cloud

Multi-Cloud Made Simple: Strategies for Smart Business Management

March 5, 2025
Soft Skills
Opinion

Soft Skills and Technical Know-How: A Winning Combination in the Tech Industry

March 4, 2025
Digital Freedom
Cyber Security

Your Data, Their Gold: The Silent Battle for Digital Freedom

February 25, 2025
LLM in India
AI

Why A Homegrown LLM Is the Next Big Leap for India

February 22, 2025

Get Latest Update

Subscribe to our mailing list to receives newsletter direct to your inbox!

ADVERTISEMENT

Leaders Interviews

Steve Wilson, GenAI Cybersecurity LLMs
Cyber Security

How effective is GenAI in cybersecurity? The role of LLMs and AI in security solutions. [Interview with Steve Wilson]

-
Interview on Counterfeit products with Nikhil Narayan
Leaders Talk

Advancements in ML & AI made it possible to detect counterfeit products in real-time, says Nikhil Narayan

-
Newgenone bridges the gap between business users and IT teams with its low code capability: Varun Goswami
Leaders Talk

Newgenone bridges the gap between business users and IT teams with its low code capability: Varun Goswami

-
AI chatbots, Prasanna-Kumar
Leaders Talk

Can AI chatbots enhance customer experience and reduce the cost of serving customers?

-

Entrepreneur

Samsung Electronics appoints its first female president

Inspiring Women Entrepreneurs in India (2022)

Technology Adoption For Entrepreneurs

Volunteering management is the need of the Hour

CXOVoice.com is a leading online publication for CXOs, entrepreneurs, senior leaders, developers, and industry professionals. Our coverage spans key sectors, including IT, technology, banking, finance, cybersecurity, engineering, and automobiles.

Connect with us

Easy Links

  • Cryptocurrency
  • Event
  • Blockchain
  • Press Release
  • Resources & Downloads

Write Us

[email protected]
  • Home
  • About Us
  • Contact Us
  • Advertise
  • Privacy & Policy
  • Feedback

Copyright © 2025 CXOVoice - All Right Reserved

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In

Add New Playlist

Our Spring Sale Has Started

You can see how this popup was set up in our step-by-step guide: https://wppopupmaker.com/guides/auto-opening-announcement-popups/

No Result
View All Result
  • Home
  • Technology
    • AI
    • Cloud
    • Telecom
    • Data Center
    • BPM
    • Blockchain
  • Finance
    • Banking
  • Cyber Security
  • View Points
  • Leaders Talk
  • News
  • Press Release
    • Submit Press Release

Copyright © 2025 CXOVoice - All Right Reserved