Trustwave SpiderLabs Exposes Unique Cybersecurity Threats in the Public Sector. Learn More

Trustwave SpiderLabs Exposes Unique Cybersecurity Threats in the Public Sector. Learn More

Services
Capture
Managed Detection & Response

Eliminate active threats with 24/7 threat detection, investigation, and response.

twi-managed-portal-color
Co-Managed SOC (SIEM)

Maximize your SIEM investment, stop alert fatigue, and enhance your team with hybrid security operations support.

twi-briefcase-color-svg
Advisory & Diagnostics

Advance your cybersecurity program and get expert guidance where you need it most.

tw-laptop-data
Penetration Testing

Test your physical locations and IT infrastructure to shore up weaknesses before exploitation.

twi-database-color-svg
Database Security

Prevent unauthorized access and exceed compliance requirements.

twi-email-color-svg
Email Security

Stop email threats others miss and secure your organization against the #1 ransomware attack vector.

tw-officer
Digital Forensics & Incident Response

Prepare for the inevitable with 24/7 global breach response in-region and available on-site.

tw-network
Firewall & Technology Management

Mitigate risk of a cyberattack with 24/7 incident and health monitoring and the latest threat intelligence.

Solutions
BY TOPIC
Offensive Security
Solutions to maximize your security ROI
Microsoft Exchange Server Attacks
Stay protected against emerging threats
Rapidly Secure New Environments
Security for rapid response situations
Securing the Cloud
Safely navigate and stay protected
Securing the IoT Landscape
Test, monitor and secure network objects
Why Trustwave
About Us
Awards and Accolades
Trustwave SpiderLabs Team
Trustwave Fusion Security Operations Platform
Trustwave Security Colony
Partners
Technology Alliance Partners
Key alliances who align and support our ecosystem of security offerings
Trustwave PartnerOne Program
Join forces with Trustwave to protect against the most advance cybersecurity threats

Balancing Innovation and Security: How Offensive Security Can Help Navigate the Tech Industry’s Dual Challenges

Two of the greatest threats facing technology-focused organizations are their often-quick adoption of new technologies, such as artificial intelligence (AI), without taking security measures into consideration and a very high reliance on third-party vendors to operate their businesses.

These two facts are reported on in detail in the recently released report Trustwave SpiderLabs' 2024 Technology Threat Landscape: Trustwave Threat Intelligence Briefing and Mitigation Strategies. For technology organizations especially, building security and testing into the Software Development Lifecycle( SDLC) is imperative to ensure an offensive approach to security. Incorporating a robust offensive security program can help uncover and mitigate many of the issues in this sector before they cause a disruption in service, or worse, halt operations.

Recent breaches illustrate the severity of the threat. In December 2022, multiple cyberattacks on LastPass, a password management company, included one third-party breach, compromising millions of customer password vaults. In October 2023, hackers stole data from US access and identity management giant Okta's entire client base during a breach of its support systems. Finally, Trustwave SpiderLabs identified a case where an AI chatbot exposed sensitive data due to incomplete testing.

 

When Security Takes a Backseat to Progress

The relentless drive for innovation in the tech industry can sometimes compromise security. Rushing to introduce new features, such as AI, may result in shortcuts like integrating untested components. These components lack thorough evaluation for vulnerabilities, potentially creating backdoors for attackers. Picture a new car boasting a powerful engine but with faulty brakes – it may be speedy, but it's also perilous.

Prioritizing robust security measures shouldn't be an afterthought. It must permeate every stage of the software development lifecycle. Delaying security considerations until later stages is akin to attempting to fortify a house with a shaky foundation – a challenging and costly endeavor.

The case highlighted by SpiderLabs exemplifies this issue, where an AI chatbot exposed sensitive data due to inadequate testing. This underscores a broader problem: the integration of AI into software without a comprehensive analysis of its security implications.

Stringent security practices throughout development are essential. Identifying vulnerabilities during the coding and testing phases is far more manageable than addressing them post-production. The difficulty in patching products reliant on insecure components is evident in the persistence of outdated and vulnerable packages within software repositories.

Despite the immense potential of AI, security concerns persist. For instance, users exploiting a car dealership's AI chatbot to access irrelevant information exemplifies "business logic flaws," which often elude traditional security testing tools. Addressing these flaws necessitates specialized testing approaches that account for the specific logic underpinning the AI component.

  • Integrate security practices into every stage of the SDLC, from initial design through coding, testing, deployment, and maintenance.
  • Identify and assess potential security threats early in the development process.
  • Train developers in secure coding practices to minimize vulnerabilities introduced during coding.
  • Utilize automated tools to scan code for vulnerabilities throughout development.
  • Conduct regular penetration testing to identify and exploit vulnerabilities before attackers do.

 

Supply Chain Attacks on the Rise

Supply chain attacks are on the rise, with attackers shifting focus from directly targeting major companies to exploiting a more vulnerable link: trusted third-party vendors. This strategy resembles a domino effect, wherein compromising one vendor can trigger a chain reaction affecting numerous businesses.

Why are these third-party vendors attractive targets? They often have weaker cybersecurity defenses, making them susceptible to attack. Threat actors exploit these vulnerabilities to gain access to the data of larger companies that rely on these vendors. When these vendors have unpatched vulnerabilities and lack robust data breach protocols, they become wide open to exploitation, posing a significant threat to the entire tech industry.

The recent surge in supply chain attacks underscores the lucrative rewards for attackers. But what makes these attacks particularly risky in the tech realm? Unlike other industries, many tech companies play dual roles as both suppliers and consumers. Their products and services serve as building blocks for larger systems, potentially introducing security flaws. Moreover, tech companies heavily rely on a multitude of third-party technologies, further complicating the landscape.

This interdependency raises concerns, particularly in sectors with intricate supply chains, such as software publishing and infrastructure provision. Recent incidents involving Kaseya, MOVEit, SolarWinds, and 3CX illustrate how compromising a single vendor can disrupt entire industries. Ensure supply chain security is top of min by:

  • Conducting security assessments before working with vendors and providing accurate security information if you're a vendor.
  • Including strict security clauses in contracts requiring regular audits, breach notifications, and data protection compliance.
  • Regularly auditing vendor security practices and conducting vulnerability assessments and penetration testing.
  • Enforcing access controls, change control, and security checks throughout development pipelines.
  • Encrypting sensitive data at rest and in transit, implementing least privilege access, and monitoring access logs.
  • Ensuring both parties comply with relevant data privacy regulations based on location and data type.
  • Providing regular training on cybersecurity hygiene to empower employees to defend against attacks.

 

Trustwave Offensive Security

The fact that these two issues stand out as problematical for the tech industry underscores the fact that even the most advanced, tech-savvy firms face the same problem as a mom-and-pop company working out of their basement. Each has flaws that must be found and addressed.

Operating a robust offensive security program, with tactics like penetration testing and red teaming, is one of the best methods for detecting these issues before they become major problems.

As a leading provider of offensive security, Trustwave Consulting and Professional Services possesses all the tools necessary to conduct an effective review of a client's security program. Our team addresses key pain points by efficiently identifying and prioritizing vulnerabilities and offering expert advice and mitigation services. Trustwave CPS provides long-term support that goes beyond simply preventing attacks, helping organizations improve their overall security posture, enhancing resilience and recovery capabilities.

2024-Tech-Threat

 

Latest Trustwave Blogs

Using Trustwave DbProtect and Offensive Security Solutions to Protect Against Nation-State Cyber Threats

The US Director of National Intelligence (DNI) earlier this month gave a stark warning to the Senate Armed Services Committee detailing the cyberthreats arrayed against the US and the world from...

Read More

Defending the Energy Sector Against Cyber Threats: Insights from Trustwave SpiderLabs

It has always been clear, even before the Colonial Pipeline attack, that the energy sector is a prime target for not only criminal threat groups, but also nation-state actors. After all, halting fuel...

Read More

Trustwave SpiderLabs Unveils the 2024 Public Sector Threat Landscape Report

Trustwave SpiderLabs’ latest report, the 2024 Public Sector Threat Landscape: Trustwave Threat Intelligence Briefing and Mitigation Strategies details the security issues facing public sector...

Read More