Last week, HackerOne joined WhiteSource, AWS, and IGT for a roundtable discussion about the new security challenges of digital transformation. Both existing organizations making the digital shift and those starting as digitally native face a continually evolving digital ecosystem. They need a modern security strategy to meet changing demands and vulnerabilities. According to a Ponemon Institute/CyberGRX 2020 survey, 82% of technology leaders attributed at least one data breach to digital transformation. While digital transformation benefits an organization's employees, customers, and bottom line, it also means greater cyber risk.
Bad actors capitalize on modern development processes. The 2020 SolarWinds attack, impacting over 250 organizations, highlighted the severe impact of software supply chain attacks. These vulnerabilities persist, and new ones emerge in digital-first and digitally native organizations. Today's security teams need increased visibility, expertise, and scalability to succeed in a digital transformation.
Our recent roundtable took a closer look at digital transformation cybersecurity challenges. Our panel of experts included Rhys Arkins, Director of Product Management at WhiteSource; Michiel Prins, Co-Founder and Product Lead at HackerOne; Scott Ward, Principal Solutions Architect at AWS; and Dragan Pleskonjic, Senior Director Application Security at IGT.
Here are some of the highlights from their discussion:
For many organizations, the move to cloud is a balance between the benefit of agility and the need for security. Cloud migration can be part of rapid digital transformation, and migration teams often don't initially factor in security. Scott Ward from AWS says, “We try to guide customers to think outside the box about how to improve security and to build in security-by-design when moving to cloud.” By including security teams in DevOps processes, security and control improve.
Software Supply Chain Security
IGT's Dragan Pleskonjic pointed out that malicious actors adapt to changing attack surfaces and are adept at surveilling weaknesses in the software supply chain or in open source code. One effective way to address software supply chain security and find the vulnerabilities in it is with human expertise and hacker-powered security. Notably, a recent study found a 259% increase in the use of open source components over the past five years.
HackerOne's Michiel Prins described the Department of Defense's (DoD) Defense Industrial Base Vulnerability Disclosure Program (DIB-VDP) Pilot. This VDP allows hackers to find vulnerabilities in defense contractor partner information systems, web properties, and other identified scoped assets. The DIB-VDP is a proactive approach to the DoD's extensive software supply chain with the potential to improve contractor security as well.
As roundtable host WhiteSource's Rhys Arkins pointed out, digital transformation means greater cyber risk, and data loss incidents are to be expected. But a proactive approach can mitigate your risk.
Thank you to our host, WhiteSource, and our panel of experts. We encourage you to watch the entire webinar here.