In this episode of Valorem Visions, our Security expert, Preston Flint, sheds light on the pressing issue of supply chain attacks and the critical need for proactive protection.
Transcript
Preston - So, supply chain attacks, much like all cybersecurity attacks, start with a normal breach. What makes them unique is that it's not just your company that's breached; it's now going to be the company that you provide software to. There's been a threefold increase in these attacks over the last year that's expected to continue to grow. The most concerning trend of all, though, is the lack of awareness of these trends. We're seeing the same increase in all cybersecurity trends upward. Awareness is there for most types of attacks, but the supply chain attack in itself just isn't getting the love that we think it deserves.
So, we obviously produce software ourselves. It's very important for us, and for our customers, to know that we are taking the steps that are needed to protect their assets. What's also important is that we're probably not the only ones our customers are getting software from. So, any third party that develops software and sells that software has to be concerned with the risk of an attack being passed along to their customers.
Generally, the answer to protecting yourself from a supply chain attack is a zero-trust model. There are very specific steps in getting towards zero trust that are higher priority than others to prevent these types of attacks. In the industry as a whole, you'll see some new standards coming down about having a bill of materials for any software that you deploy to customers, which is really designed to find vulnerabilities quickly and to know what components have been impacted. And then just having conversations with your vendors, with your third parties. I don't know if this lands in the statement of work, but you should be having a conversation upfront asking anyone who supplies you software if their products are secure and how they secure them.