iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
Venafi has found 82 per cent of CIOs believe their organisations are vulnerable to cyber attacks targeting software supply chains.
Venafi's global study of 1,000 CIOs has found that the shift to cloud native development, along with the increased speed in development brought about by the adoption of DevOps processes, has made the challenges connected with securing software supply chains infinitely more complex.
According to Kevin Bocek, vice president of threat intelligence and business development for Venafi, digital transformation has made every business a software developer.
"As a result, software development environments have become huge target for attackers.
"Hackers have discovered that successful supply chain attacks, especially those that target machine identities, are extremely efficient and more profitable," Bocek added.
Bocek has seen dozens of ways to compromise development environments in these types of attacks, including attacks that leverage open-source software components like Log4j.
"The reality is that developers are focused on innovation and speed rather than security.
"Unfortunately, security teams rarely have the knowledge or the resources to help developers solve these problems and CIOs are just waking up to these challenges," Bocek explained.
Motivated by the success of high-profile software supply chain attacks on companies like SolarWinds and Kaseya, malicious cyber threat actors are stepping up attacks against software build and distribution environments.
The Venafi study found these key findings:
More than 90 per cent of software applications use open-source components, and the dependencies and vulnerabilities associated with open-source software are extremely complex. CI/CD and DevOps pipelines are typically structured to enable developers to move quickly but not necessarily more securely.
In the push to innovate faster, the complexity of open source and the speed of development limit the efficacy of software supply chain security controls.
CIOs recognise changing the approach to overcome these challenges should be in play:
CIOs have been increasingly concerned about the serious business disruptions, revenue loss, data theft and customer damage that can result from successful software supply chain attacks. The sharp increase in the number and sophistication of these attacks over the last 12 months has brought the issue of the software supply chain vulnerability into sharp focus. As a result, CEOs and boards are now paying attention.
[Related: Aussie disability scheme recipients’ data leaked after NDIS data breach]
Be the first to hear the latest developments in the cyber industry.
