cxo voice
  • Home
  • News
  • Expert Opinion
  • Leaders Talk
No Result
View All Result
  • Home
  • News
  • Expert Opinion
  • Leaders Talk
No Result
View All Result
Leaders Talk and Latest Tech News | CXO VOICE
No Result
View All Result
Home News Cyber Security

Supply Chain Attacks – The Open Source Effect

Harish Kumar by Harish Kumar
January 3, 2023
Reading Time: 6 mins read
Supply Chain Attacks – The Open Source Effect

Image Credit: Pixabay

Share on FacebookShare on Twitter

The accelerated digital transformation over the past few years and the pressing demand for remotely administered, agile, and scalable networks have accelerated moves to the cloud, which allows flexibility in scale and resource management while enabling accessibility from anywhere. The vibrant nature of cloud-based infrastructure breaks traditional network boundaries but presents various new challenges, making traditional security systems inefficient. While cloud infrastructure continues to be adopted by more organizations, businesses are not the only ones who have recognized the potential of the cloud. In recent years, there has been an unprecedented rise in the scale and sophistication of software supply chain attacks. From the SolarWinds software supply-chain attack to the exposed Apache Log4j vulnerability, threat actors have trained their sights on this space, targeting critical vulnerabilities in both cloud providers and supply chains. 

Cloud computing in itself has seen multiple vulnerabilities in recent times – and as organizations continue to adopt the cloud, with 35% running more than 50% of their workloads on the likes of Azure, AWS, and GCP, they struggle to manage the complexity of securing their cloud infrastructures across multiple cloud platforms, while also suffering a cyber-skills and knowledge shortage according to the Check Point 2022 Cloud Security Report. 

The global report, based on a survey of 775 cyber security professionals, also revealed that cloud security incidents were up 10% from the previous year, with 27% of organizations now citing misconfiguration, way ahead of issues like exposed data or account compromise. 

Here in India, according to the Check Point Threat Intelligence Report, an organization in India is being attacked on average 1798 times per week in the last 6 months, compared to 1126 attacks per organization globally, a worrying trend of increased cyberattacks. 

The evolution of this, it seems, has seen cybercriminals take supply chain attacks to the cloud arena. We saw evidence of this in March when the notorious ransomware gang Lapsus$ released a statement claiming to have gained access to Okta, an identity management platform, by obtaining access to an administrative account. Okta is a cloud-based software used by thousands of companies to manage and secure user authentication processes. Developers also use it to build identity controls. This means that hundreds of thousands of users worldwide could have been compromised by the Lapsus$ attack.

Exactly how many, however, is open to discussion. The hackers themselves claimed to have gained access to 95% of Okta’s clients, while Okta suggested just 2.5% of user details were compromised. Either way, the incident should be a warning sign for the potential risks posed by supply chain attacks.

ADVERTISEMENT

What puts a supply chain at risk? 

The industry has seen increasing cyber attacks that leverage weak supply chain methodologies. Currently, the most prominent supply chain risk that organizations are exposed to comes from open-source software. This is because the open-source community provides many modules and packages regularly adopted by businesses worldwide, including those within your supply chain.

The problem with open-source, however, is that it is inherently insecure. That is partly because it is written by individuals who may lack the expertise or budget to make them completely safe. The other issue with open-source code comes down to ownership. After all, once a package is released to the community, it is impossible to determine who owns it and who is responsible for maintaining it.

This creates a chink in your security architecture because the open-source packages that you import may have dependencies that you are simply not aware of. That is exactly what happened with NotPetya: an evolution of a pretty standard string of malware, NotPetya managed to infiltrate systems across the globe by relying on a piece of widely used open-source accounting software. This meant that it spread like wildfire, causing chaos in Ukraine and several major countries, including the U.K., France, Germany, Russia, and the U.S.

The ubiquity of open-source software and code means that it can be hard for organizations to know if either they or their suppliers are vulnerable to such attacks. It makes the supply chain an attractive target for cybercriminals who will invest time and resources into these attacks on the understanding that by breaching one system, they can quickly access many more.

How can you prevent potential attacks?

So far, in 2022, we have seen a seismic shift in the cloud threat landscape as more and more threat actors target critical vulnerabilities in both cloud providers and supply chains. What does this mean for your business, and how can you avoid this growing threat?

Unfortunately, when it comes to your cloud provider, no matter who you choose, their platform will have vulnerabilities. You could conduct all the research in the world and call on the know-how of the industry’s best experts, but you cannot control the security of your chosen provider’s platform.

So, if we cannot prevent a breach within cloud providers themselves, what can organizations do to protect themselves? We help provide some salient steps to take : 

Multi-Layered Security: The answer lies in creating multiple overlapping layers of security that help to reduce your exposure to risk. Organizations tend to build security mitigations as a single protection-control point, and attackers will try to evade such. Security implementation that assumes the first tier may fail and enforces multiple layers will have a greater chance of surviving a sophisticated cyber attack. This means that even if a vulnerability in your cloud provider were to be exploited, you have a robust enough security ecosystem to ward off attacks and mitigate any potential fallout.

Adopting a zero-trust security mindset: A starting point to help organizations protect themselves is to adopt a zero-trust security mindset. That way, even if there is a breach, your business data is protected, containing any threat posed by a cloud-based attack and ensuring that it cannot spread within your own systems

Automate DevSecOps: Automation in the cloud is key – it is important to ensure the ease of use and support for automation at every stage of the security and development process. The earlier organizations enable security in the development cycle, the more they can reduce the risk and cost of mistakes. Another way businesses can ensure the virtual doors to their network remain firmly locked is to automate their DevSecOps, ensuring that security operations can be deployed in real-time and fully aligned with other business objectives. For example, Check Point CloudGuard includes automated security tools for developers in order to ensure that all code is secured from the outset before being deployed. It scans infrastructure-as-code and source code to eliminate threats at the earliest phase.

With the sheer velocity of malware and ransomware variants, the widespread growth of enterprise-connected and personal devices, and the hybrid work model, it is nearly impossible for traditional human-created models to provide holistic and up-to-date security that would detect threats such as the Apache Log4j vulnerability exploit and supply chain attacks. 

Also Read: Top Technology Trends to Watch in 2023

Harish Kumar

Harish Kumar

Head, Enterprise at Check Point Software Technologies, India & SAARC

Related Posts

Amazon reports $149.2 bn in net sales, faces short-term uncertainty
News

Amazon reports $149.2 bn in net sales, faces short-term uncertainty

February 3, 2023
AI-Powered video conferencing solutions by Qualcomm
AI

AI-Powered video conferencing solutions by Qualcomm

February 2, 2023
Samsung's new PC lineup features 'AI Noise Canceling'
Technology

Samsung’s new PC lineup features ‘AI Noise Canceling’

February 2, 2023
union budget 2023-24
News

Business Leader’s reactions on the union budget 2023-24

February 1, 2023
5G

India plans to set up 100 5G labs to develop applications

February 1, 2023
EVs
News

EV 2-wheeler sales in India to reach 22 mn by 2030: Report

February 1, 2023
customers trust and privacy
Productivity

How to win customer trust by maintaining a privacy policy 

January 31, 2023
We must strive to bring startups ownership back to the country: Survey
News

We must strive to bring startups ownership back to the country: Survey

January 31, 2023
Load More
ADVERTISEMENT

Expert Views

SaaS Rising: India is Ready for its Next IT Moment
Opinion

SaaS Rising: India is Ready for its Next IT Moment

January 31, 2023
Technology remains the main driver for insurance companies to scale and grow in 2023
News

Technology remains the main driver for insurance companies to scale and grow in 2023

January 10, 2023
Supply Chain Attacks – The Open Source Effect
Cyber Security

Supply Chain Attacks – The Open Source Effect

January 3, 2023
Technology Trends to Watch in 2023
Opinion

Top Technology Trends to Watch in 2023

December 21, 2022
Startups should embrace a down-round and restructure their firms: Flipkart CEO
Business

Startups should embrace a down-round and restructure their firms: Flipkart CEO

November 22, 2022

Latest Updates

Amazon reports $149.2 bn in net sales, faces short-term uncertainty

Amazon reports $149.2 bn in net sales, faces short-term uncertainty

by IANS
2 days ago

AI-Powered video conferencing solutions by Qualcomm

AI-Powered video conferencing solutions by Qualcomm

by Deepa Sharma
3 days ago

Samsung's new PC lineup features 'AI Noise Canceling'

Samsung’s new PC lineup features ‘AI Noise Canceling’

by IANS
3 days ago

union budget 2023-24

Business Leader’s reactions on the union budget 2023-24

by Deepa Sharma
4 days ago

India plans to set up 100 5G labs to develop applications

by IANS
4 days ago

EVs

EV 2-wheeler sales in India to reach 22 mn by 2030: Report

by IANS
4 days ago

Get Latest Update

Subscribe to our mailing list to receives newsletter direct to your inbox!

ADVERTISEMENT

Leaders Inerviews

Axis Bank's Cloud-driven digital banking solutions
Banking

Axis Bank doubles down on cloud based digital banking solutions

-
digital-first strategy
Banking

Jana Small Finance Bank’s digital-first strategy enhances customer experience

-
email security interview
Cyber Security

What is email security? and its importance in securing enterprise networks

-
Cybersecurity Kallol Sil Interview
Cyber Security

Businesses Need To Invest More In Cybersecurity Training and Awareness: Kallol Sil

-

Entrepreneur

Samsung Electronics appoints its first female president

Inspiring Women Entrepreneurs in India (2022)

Technology Adoption For Entrepreneurs

Volunteering management is the need of the Hour

We bring business leaders' opinions and unique ideas on what’s happening in the market and its impact. Also, get the daily news, analysis, and insights.

Connect with us

Easy Links

  • Cryptocurrency
  • Event
  • Blockchain
  • Press Release
  • Resources & Downloads

Write Us

contact@cxovoice.com
  • Home
  • About
  • Contact Us
  • Advertise
  • Privacy & Policy
  • Feedback

© 2023 CXO VOICE

No Result
View All Result
  • Home
  • News
  • Expert Opinion
  • Leaders Talk

© 2023 CXO VOICE

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In

Add New Playlist

Our Spring Sale Has Started

You can see how this popup was set up in our step-by-step guide: https://wppopupmaker.com/guides/auto-opening-announcement-popups/