SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
New Zealand
Guides
#
cloud security
#
cybersecurity
#
endpoint protection
#
firewall
#
ransomware
Search
Story image
#
AI
#
Cybersecurity
#
Malware

Organisations battle AI risks amid rise in supply chain attacks

Fri, 17th May 2024
Author image
By Catherine Knowles, Journalist

More than half of global organisations have experienced a software supply chain attack in the past twelve months, according to a new report by Synopsys and the Ponemon Institute. Notably, half these organisations spent over a month formulating a response to the attack, whilst a fifth of them admitted to being ineffective in detecting and responding to such threats.

The report, titled 'The State of Software Supply Chain Security Risk', further revealed that Artificial Intelligence (AI) is increasingly being used in the process of software development. It found that 52% of the security professionals surveyed said their development teams utilise AI tools to generate code. OpenAI Codex was used by 50% of respondents, followed by ChatGPT at 45%, and GitHub Copilot at 43%.

However, a worrying observation from the survey is the lack of protective measures being put in place by organisations utilising AI. A mere 32% of the respondents said that they have processes in place to evaluate AI-generated code for risks such as licensing, security, and quality. Additionally, critical aspects like strict vetting of AI-generated code and a formal evaluation of the training data used to train AI still appear to be largely overlooked by many entities.

The report elaborates on what it referred to as "AI data poisoning attacks" where bad actors could feed AI tools with harmful, malware-embedded code. As AI systems rely on datasets for training, an impure dataset could result in potentially disastrous consequences.

Jason Schmitt, general manager, Synopsys Software Integrity Group, emphasised the prevalent weaknesses in existing software development processes and security standards. He stated, "Attackers are getting more sophisticated and thus finding more weaknesses that allow them to explore a supply chain where they can steal sensitive data, plant malware, and control systems. Particularly with the rise of AI-generated code, security teams need to maintain visibility into applications and continuously evaluate IP, security threats, and code quality to reduce risk."

Lack of sufficient resources dedicated to securing the supply chain was cited by 38% of security professionals as a primary concern. This lack of support from organisational leaders and the related safety risks it potentially carries is giving rise to a significant vulnerability in the software development field.

The increased use of AI and the emerging new forms of threats may necessitate stronger cross-organisational collaboration and more refined tactics to mitigate risks. Otherwise, the trajectory of the current situation points towards a continual rise in software supply chain attacks.

The survey was conducted with 1,278 IT and IT security practitioners from North America, EMEA, and Japan who are committed to achieving a secure software supply chain and have some responsibility for their organisation’s software supply chain security strategy.

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X
Related stories
APAC eCommerce businesses facing major bot threats
The Instillery partners with StrikeReady to boost ANZ cybersecurity
Zyxel Networks unveils new WiFi 6 security router for SMBs
Surge in cybercrime on Telegram highlights security concerns
NCSC's Malware Free Network disrupts 10 million cyber threats
Top stories
David Galloreese joins Datadog as new Chief People Officer
Kiwi intelligence agencies welcome human rights compliance review
Infinigate Group invests in Wavelink to expand into ANZ market
Cloudinary supports C2PA standard to combat fake media
HAProxy Technologies named leader 18 times in the G2 Summer 2024