From the newest malware that poses a cybersecurity threat to organizations against the backdrop of the current Ukraine-Russia war and economic crisis, to the need for integrating global threat intelligence into defensive security protections, to why a Zero Trust framework may be critical to companies, Siddharth Deshpande, Field CTO – Cloud Security for the Asia Pacific, Palo Alto Networks, gets candid about how the global transport and logistics sector can protect itself against increasing cyberattacks and security breaches.
What can you tell us about the vulnerability aspect of a company’s supply chain? Can you pinpoint any recent attacks in the last 5 years that have exposed the vulnerability of supply chains?
The supply chain is an integral network that connects an organization with its third-party vendors and suppliers, and even the end consumer. From a software supply chain standpoint, this network comprises two broad elements – the various application and infrastructure components that make up cloud-native applications and the pipeline that builds and delivers these components into a working application environment.
Consequently, this provides multiple entry points for cyber-attackers to gain access to a company’s network, leaving the lifeblood of a business open to breach. To prevent any potentially drastic upheavals, protecting the supply chain is an important prerequisite for organizations looking to enhance their cybersecurity infrastructure.
There are several potential vulnerabilities to account for when we consider the supply chain. For instance, when it comes to software supply chains, an internal factor could be when the security built into the software during development is weak. Any chinks in the armor can be exploited here to attack company networks and devices. An external factor, and a very common one, is when an unnoticed attack on a third-party supplier eventually bleeds into a company’s systems. Such attack processes usually have long planning cycles where bad actors infect software in the development stage, so when the final product reaches a particular enterprise or its end consumers, the malware can be triggered to extract precious data. Such attack plans are also used against critical infrastructures and government bodies with the most notable example being the SolarStorm attack in December 2020.
A previous press release from Palo Alto Networks cited that Gartner predicts that “by 2025, 45% of organizations worldwide will have experienced attacks on their software supply chains, a three-fold increase from 2021.” How can organizations better prepare against this risk?
Software supply chain attacks are carefully orchestrated and highly impactful. With the world moving online in the hybrid work era, the risk of cyberthreats coming through the supply chain has increased considerably. As attackers formulate these threats in the initial stages of software development and wait for them to mature over time, developing strong security guidelines in-house is necessary. Incorporating DevSecOps or “shift-left security” can be instrumental here. DevSecOps ensures that software is tested for security problems before it goes public, allowing IT teams to plan for any security issues that might appear after deployment.
Additionally, checking for and eliminating threats at the Application Program Interface (API) level can prevent any detrimental misconfigurations and mitigate the risk of data leaks. Limiting third-party access to data can also be effective in maintaining the sanctity of the software supply chain. Should a threat still make its way to the network within the final software, detecting it, tracing it to its source, and eliminating it before it can cause disruption is also crucial. This is the central function of our Prisma Cloud Supply Chain Security offering.
What organizational changes need to be considered when it comes to safeguarding against cyberattacks by organizations?
Enterprises must, first and foremost, approach cybersecurity proactively – cyber attacks can be much more devastating if IT teams are underprepared. Additionally, putting a Zero Trust framework at the core of cybersecurity solutions is critical. Zero Trust operates on the assumption that any entity within the network could potentially set off an attack at any time. Therefore, it restricts data access to the bare essentials and ensures that all users and devices are validated constantly.
With hybrid working becoming the norm, and multiple Clouds and devices (both corporate and personal) becoming a part of the company network, organizations must also look at prioritizing network segmentation. Lastly, adopting a platform model that provides complete visibility and control of the network and brings network, cloud, and endpoint security onto one unified plane, is essential for threat intelligence and management.
A previous release from Palo Alto Networks mentioned that Unit 42’s recent ‘Cloud Threat Report’ involved a team conducting a red team exercise against a software supply chain and found that access to overly permissive credentials made the system vulnerable to CI pipeline poisoning. How can this risk be mitigated by companies?
Container Image (CI) pipeline poisoning, as also seen in the course of our red team exercise, occurs very early on in the supply chain attack process, warranting the need for early identification of any suspicious or malicious operations. As recommended earlier, shifting security left is the most efficient workaround for this. Additionally, giving developers access to only specific repositories relevant to their work significantly cuts down the risk of any outside interference.
Putting security measures in place to limit the access and download capabilities of repositories outside of developers’ working requirements is essential as well. On the Cloud front, organizations must implement cloud platform detection rules for sensitive API requests originating from outside the home network range. In most cases, confirmed access to certain sensitive APIs only takes place internally, and therefore any external access should immediately be deemed suspicious.
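One way to express the detection rule described in the answer above (sensitive cloud API requests originating from outside the home network range), written here as an added example rather than Prisma Cloud's or the interviewee's code; the CloudTrail-style event fields, the home CIDRs, the sensitive-API list and the sample events are all assumptions constructed for the illustration:

```python
"""Detection rule: sensitive cloud-API calls from outside the home network range.
Added example, not Prisma Cloud code. Event fields mimic AWS CloudTrail; the
CIDRs and the 'sensitive' API set are assumptions a team tunes to its own estate."""
import ipaddress

# Assumed home ranges: corporate egress block and the build-pipeline VPC.
HOME_CIDRS = [ipaddress.ip_network(c) for c in ("203.0.113.0/24", "10.20.0.0/16")]

# Assumed sensitive APIs: calls that mint or broaden credentials or read secrets,
# keyed "<service>:<Action>" to match CloudTrail eventSource/eventName.
SENSITIVE_APIS = {"iam:CreateAccessKey", "iam:AttachUserPolicy", "iam:PutUserPolicy",
                  "sts:AssumeRole", "secretsmanager:GetSecretValue", "kms:Decrypt"}

def api_key(event):
    """'iam.amazonaws.com' + 'CreateAccessKey' -> 'iam:CreateAccessKey'."""
    service = event.get("eventSource", "").split(".")[0]
    return f"{service}:{event.get('eventName', '')}"

def is_home_address(source):
    """True when the caller's address lies inside a home CIDR. CloudTrail logs calls
    made by AWS services on the account's behalf with a DNS name (for example
    'cloudformation.amazonaws.com') instead of an IP; those are treated as internal
    here so the rule does not alert on every service-to-service call."""
    try:
        addr = ipaddress.ip_address(source)
    except ValueError:
        return True
    return any(addr in net for net in HOME_CIDRS)

def flag_external_sensitive_calls(events):
    """Return (principal ARN, api, source) for each sensitive call from outside home ranges."""
    return [(ev["userIdentity"]["arn"], api_key(ev), ev["sourceIPAddress"])
            for ev in events
            if api_key(ev) in SENSITIVE_APIS and not is_home_address(ev.get("sourceIPAddress", ""))]

# Constructed sample events: an internal sensitive call, an external read-only call,
# an external sensitive call by a CI role (the case the rule exists for), and a
# service-principal call logged with a DNS name rather than an IP.
ACCOUNT = "arn:aws:iam::111122223333:"
SAMPLE_EVENTS = [
    {"eventSource": "iam.amazonaws.com", "eventName": "CreateAccessKey", "sourceIPAddress": "10.20.4.17", "userIdentity": {"arn": ACCOUNT + "user/dev-alice"}},
    {"eventSource": "s3.amazonaws.com", "eventName": "ListBuckets", "sourceIPAddress": "198.51.100.9", "userIdentity": {"arn": ACCOUNT + "user/dev-alice"}},
    {"eventSource": "sts.amazonaws.com", "eventName": "AssumeRole", "sourceIPAddress": "198.51.100.9", "userIdentity": {"arn": ACCOUNT + "role/ci-runner"}},
    {"eventSource": "kms.amazonaws.com", "eventName": "Decrypt", "sourceIPAddress": "cloudformation.amazonaws.com", "userIdentity": {"arn": ACCOUNT + "role/deploy"}},
]

if __name__ == "__main__":
    for hit in flag_external_sensitive_calls(SAMPLE_EVENTS):
        print("ALERT sensitive API call from outside home range:", hit)
```

Only the CI role's AssumeRole from 198.51.100.9 is raised; the internal CreateAccessKey, the external read-only ListBuckets and the service-principal Decrypt are left alone, which is the triage split the answer calls for.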
Who are some of the users of Prisma Cloud?
Our global clientele for Prisma Cloud includes Sabre, Salesforce, and Thomson Reuters among many other Fortune 500 companies.
Are there any estimates as to the value of global transport and logistics companies reporting losses following cyber-attacks?
While digital transformation in the global transport and logistics domain is proving to be a blessing, the resulting torrent of structured and unstructured data is making companies within the sector a prime target for cybercriminals. All elements of the supply chain are merging with the Cloud, thus generating serious cybersecurity risks for all parties involved. Since the industry is dependent on a complex mesh of people, processes, infrastructures, and applications, long-term security strategies will be necessary to provide holistic protection.
A risk-based approach that analyses all users and devices from the top down must be at the core of these strategies. The industry must also come together to address the IoT threat. Due to the rapid adoption of IoT and IT solutions, the T&L industry is facing an increase in threat vectors on a global scale, making confidential data vulnerable to theft. As T&L companies work with very large ticket sizes, any breach here could open companies up to ransomware attacks, severely compromising finances and data. Network segmentation is the solution here as it isolates new IoT devices from traditional IoT devices and also helps in distancing IT from OT. So, in case an IoT device is breached, only one segment is impacted, giving IT teams time to further distance unaffected segments.
Has the pandemic and the current geopolitical climate seen more companies rush to secure their networks?
Cyberattacks and security breaches have continued unabated during the pandemic. Users and applications are now increasingly outside of organizations’ physical control, increasing the attack surface, particularly for organizations still using legacy security approaches. Cyberattacks can also happen for more than monetary gain, driven by nation-state activity aimed at disruption of essential services and digital infrastructure.
Over the past several weeks, Unit 42, the threat intelligence team at Palo Alto Networks, has seen Russia-Ukraine cyber activity escalate substantially. It is crucial that Indian organizations take the necessary precautions on the cyber front as they could lose valuable data and finances in the form of collateral damage. Even as the cybersecurity landscape continues to evolve, attackers like to reuse successful attack methods against other targets opportunistically. Their initial point of access usually is an insider, a compromised device, or stolen credentials – this makes it imperative for organizations to have a full zero-trust security posture that removes implicit trust from all parts of their application/networking infrastructure.
What are some of the newer technologies and threats when it comes to Cyberattacks that organizations and businesses should be wary about especially in the context of the Russia-Ukraine war and the unfolding humanitarian and economic crisis being witnessed right now?
WhisperGate and HermeticWiper are two destructive pieces of malware that have been making the rounds since the Russia-Ukraine flare-up earlier this year. Both work undetected on targeted devices to corrupt files and render the devices inoperable.
How does the Prisma Cloud Supply Chain Security work and what are some of its features?
Prisma Cloud Supply Chain takes a full stack, full lifecycle approach to securing supply chain pipelines. First, it resolves any vulnerabilities brought in by open-source components, which is common in most modern applications at the coding stage. For any security issues identified, Prisma Cloud provides fix suggestions to empower developers to secure their own code. Subsequently, at the build stage, Prisma Cloud expands past the components to put checks and guardrails within pipelines. This ensures that only secure code is integrated into repositories, and secure container images make it into trusted registries.
Additionally, Prisma Cloud checks the integrity of the Version Control System (VCS) and CI/CD pipelines themselves and ensures that correct branch protections are in place to prevent code tampering attacks. At the deployment stage, a secure supply chain will have a final gate for admission into a running environment. Here Prisma Cloud’s admission controller and integration with cloud-native technologies like Open Policy Agent (OPA) become the final line of defense to prevent insecure configurations. Also, Prisma Cloud enforces that only trusted images are pulled from registries into production. This prevents image poisoning attacks. At the run stage, all of those components should continuously be monitored for newfound misconfigurations and vulnerabilities. Prisma Cloud provides a fast feedback loop to quickly provide vulnerability discoveries and remediation guidance to go back to the code and patch dependencies fast. This brings down the time taken for threat detection from hours to seconds and is also extremely effective in neutralizing zero-day threats.
How can the transport and logistics sector brace up and prepare itself for such future cyberattacks? Do mention any good practices being followed by any organization or country in this regard.
Cybercrimes in this sector can send shockwaves across borders, making it a global issue that requires attention from multiple public and private sector bodies. Therefore, cross-border collaboration between governments and corporations where information on cyber threats and security solutions is shared freely can create stronger resistance to cybercrime globally. Cybersecurity service providers can also play a key role here by working closely with governments to create cybersecurity awareness for enterprises and citizens. For instance, in Singapore, various government agencies developed the SG Cyber Safe Seniors Programme to educate seniors on cybersecurity and cyber hygiene practices. The Monetary Authority of Singapore (MAS)’s Cyber Security Advisory Panel also specifically supported the adoption of Zero Trust security principles and architecture to tackle advanced cyberthreats.