Cybersecurity Leadership

Cloud misconfigurations, more sophisticated ransomware, and exploitation of vendors are contributing to rising cyberattacks.

Unlike the majority of supply chain disruptions, cyber-based threats like ransomware can cause sudden and systemic impacts to organisations or the wider ecosystem. They can be prolonged – beyond what is contemplated in most business continuity plans. These characteristics set them apart from traditional disruptions such as labour and raw material shortages, or power outages.

How can companies apply rigor when evaluating the security of their software vendors and managed service providers? 

Uneven maintenance practices and developers' willingness to download risky code have made open-source repositories a favored initial access tactic for attackers.

When you just keep filing it away to handle "someday," security debt typically rears its head when you are most vulnerable and can least afford to pay it.

With more organizations sharing data with more third-party vendors, it shouldn't be surprising that more than 50% of security incidents in the past two years have stemmed from a third-party with access privileges, according to a CyberRisk Alliance report.

Employee negligence and error are among the most significant cybersecurity liabilities for companies in the supply chain sector. Here are some pointers on how companies can empower employees to defend supply chains.

A study from IT major TCS shows only 16% of the CROs and CISOs ranked digital ecosystems as a concern.

Third-party security assessments can be confusing, especially when they produce different conclusions. Find out how to make sense of conflicting results.

Between pressure to maintain business continuity and exceed profits amid inflation and global supply chain issues, organizations across industries have a lot to contend with. This focus elsewhere can lead to threat actors slipping under the radar more easily while also making a big splash.

In the shadow of ransomware, supply chain attacks are currently underrepresented in the national dialogue, but they have quietly become the next big wave of insidious attacks against American businesses.

In 2022, supply chain cyberattacks will continue to increase, and Zero Trust will gain adoption, among other security trends.

Corporate boards are increasingly concentrating on cybersecurity issues. Here’s how to ensure they focus on third-party risk, too.

Security isn't just for your organisation, you also need to get closer to your suppliers, especially those providing critical services.

Continuously evaluating and updating your third-party risk assessment can improve your security posture and ensure your company doesn't have the next headline-making incident.

Frameworks for software supply chain security have matured and given security teams methods for how they approach policies and oversight.

The SEC has been clear that proper risk management and timely cyber incident disclosures protect investors and other stakeholders. The regulators may make an example out of SolarWinds and its leadership at the time of the Orion incident to set the tone for the importance of software supply chain security.

Looking back at 2022, it is interesting to reflect on the trends that characterized the threat landscape and think about what we might expect in the coming year and where organizations should focus their protective efforts.

Deglobalization warrants a hard look by development organizations, particularly when it comes to questions like insider threats and supply chain risks. 

So, if we’re not able to prevent a breach within cloud providers themselves, what can organizations do to protect themselves?

If anyone up or down the supply chain has access to your networks, data or internet connectivity, threat vectors may exist that comingle your vulnerabilities.

Far from only being an IT concern anymore, risk-altering cybersecurity decisions are now being made by people all over a company. Staying safe means security leadership positions need to change. 

Cybersecurity across the globe is in a constant state of conflict — a perpetual battle in which neither side gets the upper hand for long.

A cyberattack on Amsterdam-Rotterdam-Antwerp (ARA) will have cascading effects across Europe and shows collaboration is needed to challenge future attacks.

Software supply chain attacks will continue to be successful as long as the chasm between software development teams and info security teams persists.