Unit 42 Threat Report Shows The Full Scope Of Supply Chain Attacks In The Cloud

Unit 42 released a threat report that analyzes data from a variety of public data sources around the world to draw conclusions about the growing threats organizations face today in their software supply chains. In the analysis, Unit 42 found:

  • 63% of third-party code templates used in building cloud infrastructure contained insecure configurations.
  • 96% of third-party container applications deployed in cloud infrastructure contain known vulnerabilities.

Saumitra Das, CTO and Cofounder of Blue Hexagon, had this to say:

     “Given business pressure on developer teams, it is impractical to assume you can harden yourself to be fully secure via IaC checking and vulnerability management. Organizations are unable to enforce IaC companywide and even known CVEs can take weeks and months to patch just on external facing workloads. Even simpler fixes like misconfigurations take days and weeks to fix even after detection. This report is in line with what we see at organizations trying to be secure in the cloud. The key is not to put all your eggs in the shift-left basket but perform continuous lifecycle threat detection and response in the cloud.”

Companies should have a look at this report and take Saumitra's advice so that they stay safe and do not become the next headline.
