CIOs largely believe their software supply chain is vulnerable

2022-05-31 13:00

Ask 1,000 CIOs whether they believe their organizations are vulnerable to cyberattacks targeting their software supply chains and about 82 percent can be expected to say yes.

"The results show that while CIOs understand the risk of these types of attacks, they have yet to grasp the fundamental organizational changes and new security controls they will need to incorporate into their security posture to reduce the risk of supply chain attacks that can be devastating to themselves and their customers," says Venafi's report, which was released on Tuesday.

Blame SolarWinds, Codecov, and Kaseya - companies that had their corporate software build tools compromised in sophisticated attacks that affected their customers - not to mention the past five years of poisoned packages at popular open-source software registries.

"And as a result, software development environments have become a huge target for attackers. Hackers have discovered that successful supply chain attacks are extremely efficient and more profitable."

Over the past two years, these attacks have made waves in Washington, leading to federal efforts to strengthen the security of the software supply chain.

Some 95 percent of infosec teams have been given authority over the security controls applied to the software supply chain.

News URL

https://go.theregister.com/feed/www.theregister.com/2022/05/31/cio_supply_chain/

#CIO #supplychain