New research has revealed 80% of IT security professionals and developers are not confident in their ability to defend against a supply chain attack – despite overwhelmingly agreeing that more are on the way this year.
Venafi unveiled the findings of a global survey that evaluates the impact of the SUNBURST, CodeCov and REvil attacks on how development organisations are changing their approach to securing software build and delivery environments. The survey evaluated the opinions of over 1,000 information security professionals, developers and executives in the IT and software development industries.
According to Venafi’s survey, respondents nearly unanimously agree (97%) that the techniques and procedures used to attack SolarWinds’ software development environment will be reused in new attacks this year.
Despite this certainty, there is no alignment between security and development teams on which team should be responsible for improving security in the software build and distribution environments.
For example, when asked who is primarily responsible for improving the security of their organisation’s software development environments, 48% of respondents say their security teams are responsible and 48% say their development teams are responsible.
“While the SUNBURST attack on SolarWinds was not the first of its kind, it was certainly one of the most serious so far,” says Kevin Bocek, vice president of security strategy and threat intelligence at Venafi.
“SUNBURST made it absolutely clear that every organisation must take urgent, substantive actions to change the way we secure software build pipelines,” he says.