Cloud proliferation to raise business risk in 2020: Report
Bengaluru, Nov 25 (IANS) Organizations will see growth at risk from their Cloud and the supply chain in 2020, warns a new report from cybersecurity firm Trend Micro.
Attackers will increasingly go after corporate data stored in the Cloud via code injection attacks such as deserialisation bugs, cross-site scripting and SQL injection, said the report titled “The New Norm: Trend Micro Security Predictions for 2020”.
They will either target Cloud providers directly or compromise third-party libraries to do this.
In fact, the increasing use of third-party code by organizations employing a DevOps culture will increase business risk in 2020 and beyond.
“As we enter a new decade, organizations of all industries and sizes will increasingly rely on third party software, open-source, and modern working practices to drive the digital innovation and growth they crave,” Nilesh Jain, Vice President, Southeast Asia and India, Trend Micro, said in a statement.
“Our threat experts predict that this fast growth and change will bring new risks of supply chain attacks. From the Cloud layer all the way down to the home network, IT security leaders will need to reassess their cyber risk and protection strategy in 2020,” Jain said.
Compromised container components and libraries used in serverless and microservices architectures will further broaden the enterprise attack surface, as traditional security practices struggle to keep up.
Managed service providers (MSPs) will be targeted in 2020 as an avenue for compromising multiple organizations via a single target.
They will not only be looking to steal valuable corporate and customer data, but also install malware to sabotage smart factories and extort money via ransomware, the report warned.
The new year will also see a relatively new kind of supply chain risk, as remote workers introduce threats to the corporate network via weak Wi-Fi security.
Additionally, vulnerabilities in connected home devices can serve as a point of entry into the corporate network.