Most businesses remain woefully unprepared for the next major supply chain attack
Date:
Tue, 31 May 2022 15:17:46 +0000
Description:
Simple yet devastating supply chain attacks are sadly common, but many firms aren't ready to deal with them.
FULL STORY ======================================================================
Many businesses are woefully unprepared to defend against supply chain cyberattacks, despite a number of successful high-profile incidents and the increase in awareness, new research has found.
A poll of 1,000 CIOs by Venafi found 82% of respondents saying they would be vulnerable to cyberattacks targeting software supply chains.
Since the Covid-19 pandemic, and the increasing speed of development (thanks to technologies such as DevOps), securing the supply chain has become an infinitely more complex task, the report has found. The way software
engineers behave isnt helping, either. Almost nine in ten (87%) of CIOs believe software engineers and developers compromise on security policies and controls in order to get new products and services to market faster.
Share your thoughts on Cybersecurity and get a free copy of the Hacker's Manual 2022 . Help us find how businesses are preparing for the post-Covid world and the implications of these activities on their cybersecurity plans. Enter your email at the end of this survey to get the bookazine, worth $10.99/10.99. Improving security
As a result, businesses are more vulnerable, with incidents such as
SolarWinds or Kaseya, just giving credence to the claim. The success of earlier supply chain attacks has also further motivated cybercrooks to devote even more time and resources to the practice, it was said.
However it does seem that CEOs are taking notice of such threats, with the report adding 85% of CIOs were specifically instructed by chiefs to improve the security of software build and distribution environments. At the same time, 84% said the budget dedicated to the security of software development environments increased in the last 12 months.
"Hackers have discovered that successful supply chain attacks, especially those that target machine identities, are extremely efficient and more profitable, said Kevin Bocek, vice president of threat intelligence and business development for Venafi. Read more
Securing your supply chain five steps forward
MacBook Pro supplier to relocate factory to combat supply chain issues
How to finally secure the software supply chain
One of the reasons why supply chain attacks are so successful, Bocek
believes, is because developers force innovation and speed, putting security in the back seat. Unfortunately, security teams rarely have the knowledge or the resources to help developers solve these problems and CIOs are just
waking up to these challenges, he added.
To tackle these challenges, Venafi found, most CIOs (68%) are implementing additional security controls, while 57% are updating their review processes. Just above half (56%) are expanding their use of code signing, while 47% are looking at the provenance of their open-source libraries. Keep your business protected with the best endpoint protection software
======================================================================
Link to news story:
https://www.techradar.com/news/most-businesses-remain-woefully-unprepared-for- the-next-major-supply-chain-attack/
--- Mystic BBS v1.12 A47 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)