By Shrikrishna Dikshit
There has been a rise in the number of cyberattacks by exploiting inadequacies in the security controls around the software supply chain. Adversaries are using sophisticated techniques and exploiting vulnerabilities within supply chains in unprecedented ways. This uptick highlights the pressing need to bolster security protocols throughout the software supply chain.The primary motive for cyber adversaries to mount attacks of any nature is to gain access to sensitive and confidential information that they may then misuse to coerce organisations for financial gains or leak it on the dark web.
The most recent instance of data leakage that gained attention is the boAt incident in which data of over 7.5 million customers was leaked. Specific details of the breach are unknown at this point of time and the root cause of the incident is yet to be determined. The incident, however, highlights the importance of ensuring that customer data is secured via comprehensive security controls, which not only include controls in the individual organisation’s context but also adequate measures to safeguard the supply chain from any potential risks.
Also Read Rooftop solar: Chasing the sun Internet economy should embrace NaaS Fifth column by Tavleen Singh: Robin Hood economics Trading with Pakistan
This has become even more crucial, following the enactment of the Digital Personal Data Protection Act in 2023.Over the past few years, there have been many instances of cyber adversaries targeting the supply chain. The most famous one was the SolarWinds breach in 2020, when hackers compromised the American firm’s software updates, granting them backdoor access to thousands of companies and government agencies. Another incident occurred in 2023 — Okta, a company which provides identity and access management, was breached, leading to the disclosure of sensitive tokens.
Also Read
Insurtech startups capitalise on soaring cybersecurity risks
These were used for breaches in a software company, Cloudflare.The most recent instance, which was uncovered in late March, was the attack on the XZ Utils backdoor. XZ Utils is a vital data compression tool widely integrated into Linux distributions. There are several Linux versions that have been affected by the vulnerability. The backdoor may lead to unauthorised system access, denial-of -service, and data tampering/exfiltration.Strategies for defenceWhile the rise in these attacks is unprecedented and disconcerting, certain strategies are available for organisations to remain vigilant and proactive. Conducting thorough risk assessments of third-party vendors and suppliers is essential to identify potential vulnerabilities and evaluate their security posture.
They should also implement robust vendor management processes, including due diligence checks, security assessments, and contractual agreements that outline security requirements and responsibilities.Adhering to cybersecurity best practices, such as regular security updates and patches, strong authentication mechanisms, and employee awareness training to reduce the likelihood of successful attacks should be inculcated in regular practice. This can be supported by providing ongoing cybersecurity awareness training to employees, contractors, and third-party vendors to educate them about the risks of supply chain attacks and how to recognise and report suspicious activities. On the organisation’s side, collaborating with trusted third-party security firms or internal teams to perform these tests, ensuring a thorough and objective evaluation of security controls and incident response capabilities, can be adopted.
Moreover, implementing secure software development practices, including secure coding standards, code reviews, and vulnerability assessments, to mitigate the risk of supply chain attacks through compromised software components or libraries will complete this process.Overall, a zero-trust approach to security must be embraced, which assumes that no entity, whether inside or outside the organisation’s network, should be trusted by default. A comprehensive business continuity and disaster recovery plan should be in place that accounts for supply chain disruptions.Power of collaborative defenceIt is extremely important to collaborate with other organisations and entities to effectively mitigate the risks associated with supply chain attacks like the one affecting XZ Utils.
The organisation must identify and nominate individuals to actively participate in the security community. Communities bring together diverse perspectives, experiences, and expertise from various stakeholders, including cybersecurity professionals, researchers, vendors, and users. By sharing knowledge and insights, the community can collectively identify emerging threats, vulnerabilities, and best practices for mitigating supply chain risks.A collaborative community can serve as an early warning system for supply chain attacks, enabling rapid detection and response to emerging threats. By sharing threat intelligence and indicators of compromise, community members can help each other identify and mitigate supply chain attacks before they cause widespread harm.
Lessons learnedThe incident of supply chain attacks, such as the one affecting XZ Utils, underscores several key lessons that organisations and the cybersecurity community can learn. Organisations must recognise the inherent risks associated with third-party vendors, suppliers, and software dependencies in their supply chain. This incident highlights the potential for attackers to exploit vulnerabilities in trusted software components, underscoring the need for heightened awareness and proactive risk management strategies.
Software supply chain security is a critical component of the overall cybersecurity posture. Organisations must prioritise the security of software components and dependencies, including rigorous vetting of third-party vendors, regular security assessments, and secure software development practices. Traditional security measures may not be sufficient to detect and mitigate supply chain attacks effectively. Organisations must invest in advanced threat detection and response capabilities, including real-time monitoring, threat intelligence analysis, and incident response readiness, to detect and respond to supply chain attacks promptly.
Engaging in pre-emptive detection and response to possible breaches via penetration testing, red team assessment, breach attack simulations, etc. is important to continuously review the effectiveness of the organisation’s security controls. Collaboration within the cybersecurity community is essential for addressing supply chain attacks effectively. Organisations should actively participate in industry alliances, and other community-based initiatives to share threat intelligence, best practices, and lessons learned to collectively strengthen defences against common adversaries and tactics.
With inputs from Asif Balasinor, associate director, Nangia Andersen
Shrikrishna Dikshit, Partner-Cyber Security, Nangia Andersen India
By Shrikrishna Dikshit
There has been a rise in the number of cyberattacks by exploiting inadequacies in the security controls around the software supply chain. Adversaries are using sophisticated techniques and exploiting vulnerabilities within supply chains in unprecedented ways. This uptick highlights the pressing need to bolster security protocols throughout the software supply chain.The primary motive for cyber adversaries to mount attacks of any nature is to gain access to sensitive and confidential information that they may then misuse to coerce organisations for financial gains or leak it on the dark web.
The most recent instance of data leakage that gained attention is the boAt incident in which data of over 7.5 million customers was leaked. Specific details of the breach are unknown at this point of time and the root cause of the incident is yet to be determined. The incident, however, highlights the importance of ensuring that customer data is secured via comprehensive security controls, which not only include controls in the individual organisation’s context but also adequate measures to safeguard the supply chain from any potential risks.
This has become even more crucial, following the enactment of the Digital Personal Data Protection Act in 2023.Over the past few years, there have been many instances of cyber adversaries targeting the supply chain. The most famous one was the SolarWinds breach in 2020, when hackers compromised the American firm’s software updates, granting them backdoor access to thousands of companies and government agencies. Another incident occurred in 2023 — Okta, a company which provides identity and access management, was breached, leading to the disclosure of sensitive tokens.
These were used for breaches in a software company, Cloudflare.The most recent instance, which was uncovered in late March, was the attack on the XZ Utils backdoor. XZ Utils is a vital data compression tool widely integrated into Linux distributions. There are several Linux versions that have been affected by the vulnerability. The backdoor may lead to unauthorised system access, denial-of -service, and data tampering/exfiltration.Strategies for defenceWhile the rise in these attacks is unprecedented and disconcerting, certain strategies are available for organisations to remain vigilant and proactive. Conducting thorough risk assessments of third-party vendors and suppliers is essential to identify potential vulnerabilities and evaluate their security posture.
They should also implement robust vendor management processes, including due diligence checks, security assessments, and contractual agreements that outline security requirements and responsibilities.Adhering to cybersecurity best practices, such as regular security updates and patches, strong authentication mechanisms, and employee awareness training to reduce the likelihood of successful attacks should be inculcated in regular practice. This can be supported by providing ongoing cybersecurity awareness training to employees, contractors, and third-party vendors to educate them about the risks of supply chain attacks and how to recognise and report suspicious activities. On the organisation’s side, collaborating with trusted third-party security firms or internal teams to perform these tests, ensuring a thorough and objective evaluation of security controls and incident response capabilities, can be adopted.
Moreover, implementing secure software development practices, including secure coding standards, code reviews, and vulnerability assessments, to mitigate the risk of supply chain attacks through compromised software components or libraries will complete this process.Overall, a zero-trust approach to security must be embraced, which assumes that no entity, whether inside or outside the organisation’s network, should be trusted by default. A comprehensive business continuity and disaster recovery plan should be in place that accounts for supply chain disruptions.Power of collaborative defenceIt is extremely important to collaborate with other organisations and entities to effectively mitigate the risks associated with supply chain attacks like the one affecting XZ Utils.
The organisation must identify and nominate individuals to actively participate in the security community. Communities bring together diverse perspectives, experiences, and expertise from various stakeholders, including cybersecurity professionals, researchers, vendors, and users. By sharing knowledge and insights, the community can collectively identify emerging threats, vulnerabilities, and best practices for mitigating supply chain risks.A collaborative community can serve as an early warning system for supply chain attacks, enabling rapid detection and response to emerging threats. By sharing threat intelligence and indicators of compromise, community members can help each other identify and mitigate supply chain attacks before they cause widespread harm.
Lessons learnedThe incident of supply chain attacks, such as the one affecting XZ Utils, underscores several key lessons that organisations and the cybersecurity community can learn. Organisations must recognise the inherent risks associated with third-party vendors, suppliers, and software dependencies in their supply chain. This incident highlights the potential for attackers to exploit vulnerabilities in trusted software components, underscoring the need for heightened awareness and proactive risk management strategies.
Software supply chain security is a critical component of the overall cybersecurity posture. Organisations must prioritise the security of software components and dependencies, including rigorous vetting of third-party vendors, regular security assessments, and secure software development practices. Traditional security measures may not be sufficient to detect and mitigate supply chain attacks effectively. Organisations must invest in advanced threat detection and response capabilities, including real-time monitoring, threat intelligence analysis, and incident response readiness, to detect and respond to supply chain attacks promptly.
Engaging in pre-emptive detection and response to possible breaches via penetration testing, red team assessment, breach attack simulations, etc. is important to continuously review the effectiveness of the organisation’s security controls. Collaboration within the cybersecurity community is essential for addressing supply chain attacks effectively. Organisations should actively participate in industry alliances, and other community-based initiatives to share threat intelligence, best practices, and lessons learned to collectively strengthen defences against common adversaries and tactics.
With inputs from Asif Balasinor, associate director, Nangia Andersen
Shrikrishna Dikshit, Partner-Cyber Security, Nangia Andersen India
Get live Share Market updates, Stock Market Quotes, and the latest India News and business news on Financial Express. Download the Financial Express App for the latest finance news.
The Ministry of Railways recently shared a tweet showcasing the Vande Bharat Express gliding through picturesque landscapes in Thrissur, Kerala. This state-of-the-art train, designed and manufactured domestically, represents a significant leap in India’s railway infrastructure. With its futuristic design, advanced technology, and top speed of 160 kmph.
login
who are we?
contact us
qosheapp
Toi Staff
Gideon Levy
Belen Fernandez
Rami G Khouri
Mort Laitner
Rachel Marsden
Donald Low
Bradley Blankenship
Ali Fathollah-Nejad
Nikkei Editorial
Abbas Juma
Michael Kwet
visit website
