
Software supply chain dangers spike as developer flexibility and third-party integration increase

“By compromising the third party, attackers can insert malicious code into their software, thereby abusing the trust relationship between vendor and customer,” cybersecurity firm Wiz reports.

Top insights for IT pros

From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.

Check those permission slips. Loose software delivery practices are putting the software supply chain squarely in attackers' sights.

Daniel Krivelevich, CTO of AppSec at Palo Alto Networks' Prisma Cloud, told IT Brew that changes in how software is developed and delivered have pushed threat actors to adapt.

“The reason why we are having this discussion is because there was a massive paradigm shift in relation to the way engineering is done,” Krivelevich said.

Watch your back. Developers are getting more flexibility and integrating more third-party tooling than ever. In its 2023 Cloud Security Threat Report, IT security company Wiz noted that the same trend widens the attack surface of the software supply chain.

The report identified two main areas of concern: identity-based risk and software-based risk. Identity-based attacks abuse legitimate credentials and over-broad permissions, letting threat actors operate inside an organization as an account that appears to belong there.

Wiz found that companies give third-party vendors in the software space far more access than they should, heightening the chances for damage to the supply chain. The report found that 82% of companies give these vendors privileged roles, 76% permit third parties to completely take over accounts, and a whopping “90% of cloud security teams were unaware they had granted high privileges.”
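The permission sprawl Wiz measured is something a cloud team can check for itself. The script below is an added example, not code from the IT Brew article, from Wiz's report or from Palo Alto Networks: it walks IAM-style role documents (the shape AWS returns for a role's trust policy and its permission policies), flags every role that an account other than your own can assume, and rates each one by whether it carries takeover-level actions and whether the trust policy pins `sts:ExternalId`, the standard guard against the confused-deputy problem. The account IDs, role names and policy documents are constructed sample data, and the `PRIVILEGED_ACTIONS` list is an assumption you would tune to your own environment.

```python
"""Audit IAM roles for over-privileged third-party (cross-account) access.

Added example; the roles below are constructed sample data, not real accounts.
"""
import json

OWN_ACCOUNT = "111111111111"  # constructed: the account being audited

# Actions that let a third party take over or persist in the account.
# Assumption for this example; extend it for your own environment.
PRIVILEGED_ACTIONS = {
    "*", "*:*", "iam:*", "sts:*", "organizations:*",
    "iam:CreateAccessKey", "iam:CreateLoginProfile", "iam:AttachRolePolicy",
    "iam:AttachUserPolicy", "iam:PutRolePolicy", "iam:PutUserPolicy",
    "iam:UpdateAssumeRolePolicy", "iam:PassRole",
}


def _as_list(value):
    """IAM documents accept a bare string wherever a list is valid; normalise."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def external_principals(trust_policy, own_account):
    """Account IDs (or '*') outside own_account allowed to assume this role."""
    found = set()
    for stmt in _as_list(trust_policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal")
        if principal == "*":
            found.add("*")
            continue
        for arn in _as_list((principal or {}).get("AWS")):
            if arn == "*":
                found.add("*")
                continue
            # arn:aws:iam::<account>:root -> colon-separated field 4 is the account
            account = arn.split(":")[4] if arn.startswith("arn:") else arn
            if account != own_account:
                found.add(account)
    return found


def requires_external_id(trust_policy):
    """True only if every Allow statement pins sts:ExternalId (confused-deputy guard)."""
    stmts = [s for s in _as_list(trust_policy.get("Statement")) if s.get("Effect") == "Allow"]
    if not stmts:
        return False
    return all(
        any(op.startswith("StringEquals") and "sts:ExternalId" in keys
            for op, keys in stmt.get("Condition", {}).items())
        for stmt in stmts
    )


def privileged_actions(policies):
    """Allowed actions across the role's permission policies that grant takeover-level power."""
    hits = set()
    for policy in policies:
        for stmt in _as_list(policy.get("Statement")):
            if stmt.get("Effect") != "Allow":
                continue
            hits.update(a for a in _as_list(stmt.get("Action")) if a in PRIVILEGED_ACTIONS)
    return hits


def audit_third_party_roles(roles, own_account=OWN_ACCOUNT):
    """One finding per role that an external account can assume, rated by risk."""
    findings = []
    for role in roles:
        externals = external_principals(role["trust_policy"], own_account)
        if not externals:
            continue  # internal-only role: not a third-party exposure
        privileged = privileged_actions(role["policies"])
        pinned = requires_external_id(role["trust_policy"])
        if (privileged and not pinned) or "*" in externals:
            severity = "high"    # takeover-capable and assumable without an ExternalId
        elif privileged:
            severity = "medium"  # takeover-capable but at least pinned to one ExternalId
        else:
            severity = "low"
        findings.append({
            "role": role["name"],
            "external_accounts": sorted(externals),
            "privileged_actions": sorted(privileged),
            "external_id_required": pinned,
            "severity": severity,
        })
    return findings


# Constructed sample roles; vendor names and account IDs are made up.
SAMPLE_ROLES = [
    {"name": "VendorMonitoringReadOnly",
     "trust_policy": {"Statement": [{"Effect": "Allow",
                                     "Principal": {"AWS": "arn:aws:iam::222222222222:root"},
                                     "Action": "sts:AssumeRole",
                                     "Condition": {"StringEquals": {"sts:ExternalId": "vendor-a-c0ffee"}}}]},
     "policies": [{"Statement": [{"Effect": "Allow",
                                  "Action": ["cloudwatch:Get*", "logs:Describe*"], "Resource": "*"}]}]},
    {"name": "VendorCspmIntegration",
     "trust_policy": {"Statement": [{"Effect": "Allow",
                                     "Principal": {"AWS": ["arn:aws:iam::333333333333:root"]},
                                     "Action": "sts:AssumeRole"}]},
     "policies": [{"Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]}]},
    {"name": "InternalDeployRole",
     "trust_policy": {"Statement": [{"Effect": "Allow",
                                     "Principal": {"AWS": "arn:aws:iam::111111111111:root"},
                                     "Action": "sts:AssumeRole"}]},
     "policies": [{"Statement": [{"Effect": "Allow", "Action": "iam:PassRole", "Resource": "*"}]}]},
]

if __name__ == "__main__":
    print(json.dumps(audit_third_party_roles(SAMPLE_ROLES), indent=2))
```

Run against the sample, the read-only vendor role comes back as low severity, the vendor role holding `"*"` with no ExternalId comes back high, and the internal role is skipped entirely. In a real account you would feed the function the output of `aws iam get-role` and `aws iam get-role-policy` for each role; the point of the severity split is that "privileged" and "assumable by an outside account" are each tolerable on their own but together describe exactly the exposure the 82% and 90% figures above are counting.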

Software-based attacks, on the other hand, put malicious or exploitable code into the software itself, as with the trojanized SolarWinds Orion update that gave attackers a backdoor into customer networks, and the Log4Shell flaw in the widely embedded Log4j library that attackers exploited wherever it shipped.

“By compromising the third party, attackers can insert malicious code into their software, thereby abusing the trust relationship between vendor and customer,” Wiz reported. “As a result, attackers can gain initial access to thousands of otherwise secure organizations using that vendor’s products, all enabled through a single breach.”

Response time. Palo Alto’s Krivelevich told IT Brew that in his view, the best way for companies and IT teams to manage these threats is to outsource the work to enterprise security vendors.

For his own team, Krivelevich said, that means allowing them to “be in a position where we are providing the security, assurance, or confidence in the sense that we have the best researchers in the world here, continuously mapping the threat landscape, understanding what attackers are doing, understanding what defenders need.”

“We are doing this on a day-to-day basis,” Krivelevich said. “The research we do, it keeps on growing; we keep on adding new policies and new perspectives into the product.”
