Third-party libraries, container components and even remote workers represent a major supply chain risk to organizations as they head into a new decade, according to Trend Micro.
The security giant’s new 2020 predictions report, The New Norm, warned of a growing cloud attack surface, as hackers focus their efforts on code injection attacks to steal sensitive information — either directly or via third-party libraries.
Continued user misconfigurations will exacerbate cloud security challenges, while developers’ reliance on third-party code could expose countless organizations, it continued.
The report highlighted vulnerabilities in shared container components as exposing organizations to attacks across the IT stack.
The supply chain risk will extend to managed service providers (MSPs), especially those with multiple SMB customers, the report claimed.
Interestingly, Trend Micro also defined home and remote working environments as potential hotspots for supply chain attacks. This could cover everything from weak Wi-Fi security in public workspaces to smart home challenges posed by unsecured smart TVs, speakers and digital assistants.
“Connected home devices serving as a gateway for enterprise attacks is an unavoidable development considering how employees may find these convenient for work use as well,” the report noted. “Enterprises will have to decide on what information security policies to implement to deal with such scenarios.”
The security vendor recommended a cross-generational blend of tools and techniques to enable key controls including: behavioral monitoring; endpoint security; intrusion detection/prevention; managed detection and response; threat prevention and improved visibility.
This should be complemented by a renewed focus on due diligence of cloud providers, regular vulnerability scans of third-party code and components, and revised security policies for remote workers, it said.
“As we enter a new decade, organizations of all industries and sizes will increasingly rely on third-party software, open-source, and modern working practices to drive the digital innovation and growth they crave,” said Jon Clay, director of global threat communications for Trend Micro.
“Our threat experts predict that this fast growth and change will bring new risks of supply chain attacks. From the cloud layer all the way down to the home network, IT security leaders will need to reassess their cyber risk and protection strategy in 2020.”