Why It’s Important To Control Devices Holding Company Data
At Neuways, we are dedicated to helping businesses stay secure in an increasingly vulnerable digital landscape. Recently, a major cyber security incident has highlighted the need for vigilance in software supply chain security, particularly when it comes to devices holding company data. Up to three million iOS and macOS applications were exposed to potential supply chain attacks due to a remote code execution (RCE) vulnerability in CocoaPods, a widely-used package manager for Swift and Objective-C projects. Below, we explain a little more about the cyber attack and discuss what processes could have been in place to help prevent it.
How long has the cyber vulnerability been around?
This vulnerability, which has existed since 2015, was swiftly patched once it was discovered, but the patch may have come too late for many businesses that issue company devices to employees, since those devices hold company data.
If exploited, it could have allowed attackers to manipulate package downloads and potentially inject malicious code into any app using CocoaPods. The exposure of CocoaPods’ keys meant attackers could have tampered with dependencies, posing significant risks to millions of mobile applications. Whilst mobile apps are not always dangerous if the right cyber security processes are in place, reducing or removing the ability to download applications on company devices is vital.
Supply Chain attacks that affect Manufacturing and Logistics
Supply chain attacks are particularly concerning because they target the foundational components of software development, affecting a wide range of applications and end-users. Manufacturing and logistics companies are often affected by supply chain attacks, as they are the main target. It is vital that they have the right IT support and Cyber Security processes in place, especially Network Security, as highlighted in our literature on Industry 4.0. Warehouse managers and even drivers will often have work devices. These devices are likely to hold company data, which makes the people carrying them targets for cyber criminals.
Similar to the infamous XcodeGhost incident, where a counterfeit version of Apple’s development environment compromised numerous apps, the CocoaPods vulnerability underscored how deeply such breaches can infiltrate.
At Neuways, we emphasise the importance of robust cyber security measures and continuous monitoring of all software components used in development. Endpoint security is especially important, as discussed in the Cybersafe Digest podcast. Our comprehensive security solutions ensure that businesses are protected against such vulnerabilities, keeping their operations and data secure.
Help on restricting devices holding company data
For more details on how to protect your business from supply chain attacks, visit our website or contact us for a consultation. Our IT experts are always able to provide the answers you need. With years of experience, we can help you protect your business by advising on how to restrict which apps can be installed on devices holding company data.