Third-Party Application Attacks: Lessons for the Next Frontier of Cybersecurity

Consider the following cybersecurity breaches, all occurring within the last three months: GitHub, the leading cloud-based source control service, discovered that hackers were taking advantage of stolen OAuth tokens issued to third-party applications to download data from dozens of customer accounts; Mailchimp, a leading e-marketing company, discovered a data breach where hundreds of customer accounts were compromised using stolen API keys; and Okta, the leading workforce authentication service, left 366 enterprise customers vulnerable after hackers exploited a security hole to gain access to internal networks.

These three incidents have one thing in common: they were service supply chain attacks, i.e. breaches in which attackers took advantage of access granted to services as a backdoor into sensitive corporate core systems.

Why this sudden cluster of associated attacks?

As digital transformation and the rise of cloud-based, remote or hybrid working continue, companies are increasingly integrating third-party applications into the fabric of their enterprise IT to facilitate productivity and streamline business processes. These integrated applications increase efficiency across the enterprise, hence their sudden rise in popularity. The same goes for low-code/no-code tools, which allow non-coder "citizen developers" to create their own advanced app-to-app integrations more easily than ever before.

Security and IT teams want to support the business in adopting these new technologies to drive automation and productivity, but they are increasingly understaffed and overloaded. The rapid increase in new integrations between third-party cloud applications and core systems is putting pressure on traditional third-party review processes and security governance models, overwhelming IT and security teams and ultimately creating a new, sprawling and largely unsupervised attack surface.

If these integrations proliferate without sufficient understanding and mitigation of the specific threats they pose, similar supply chain attacks are bound to occur. In fact, in 2021, 93% of businesses experienced a cybersecurity breach in some way due to third-party vendors or a weakness in the supply chain.

Here is why leaders need to deal with this new generation of supply chain cyberattacks and how.

The third-party app promise — and the problem

The proliferation of third-party apps is a double-edged sword: it delivers productivity, but also contributes to a sprawling new attack surface for the enterprise.

App marketplaces offering thousands of add-ons allow "non-technical" employees to freely and independently integrate various third-party applications into their individual work environments for the benefit of their own productivity, organization and efficiency. This adoption is driven by the rise of product-led growth, as well as the desire of individual employees to keep up with the accelerated pace of work processes around them. For example, a marketing operation...
