
The multi-client developer security report “Walking the Line: GitOps and Shift Left Security,” published by Enterprise Strategy Group (ESG), outlines how widespread software supply chain risks in cloud-native applications have become, and how those risks now extend beyond open source components.

In the survey, commissioned by Synopsys Software Integrity Group, of 350 application development, IT, and cybersecurity decision-makers, 73% of respondents said they had significantly increased their efforts to secure their organisations’ software supply chains. They did so in response to software supply chain attacks such as Log4Shell, SolarWinds, and Kaseya.

Numerous customers are affected, directly or indirectly, by this new era of supply chain threats. “There was a 650% surge in supply chain attacks in 2021 alone,” said Datto’s Third Party Risk Manager Jaime Arze.

According to the Cybersecurity and Infrastructure Security Agency, the risk stems from two properties of third-party software products: they frequently require privileged access, and they frequently communicate back and forth between the vendor’s network and the vendor’s software deployed on customer networks.

Although open source software may have been the original supply chain concern, organisations are now worried about the risk to other supply chain nodes introduced by the shift toward building cloud-native applications, including the application programming interfaces (APIs) through which cloud-native applications are consumed. Just under half (45%) of survey participants named APIs as the vector most vulnerable to attack, followed by data storage repositories (42%) and application container images (34%).

High-profile headlines are helping enterprises understand the magnitude of harm that a software supply chain flaw or breach can cause to their operations. Actions respondents reported taking include increased use of multi-factor authentication, additional security testing controls, improved asset discovery, and updated attack surface inventories.

“While managing open source risk is critical to managing software supply chain risk in cloud-native applications, we must also recognise that the risk extends beyond open source components. Infrastructure-as-code, containers, APIs, code repositories—the list goes on and on and must all be accounted for to ensure a holistic approach to software supply chain security,” Jason Schmitt, General Manager of the Synopsys Software Integrity Group, said.

Even the most robust cyber protection will fall short if it is neglected. A company that already has a supply chain security programme can still have blind spots.

Attackers use privileged access and network access channels as their initial point of entry. Without intervention, and depending on the level of access they obtain, they can readily move on to target further devices and levels of the organisation.
