#ITWebSS2021: Old Mutual CISO to address supply chain risks
A supply chain attack, also known as a third-party or value-chain attack, happens when a bad actor infiltrates a company’s networks or systems via an external supplier or third-party partner who has legitimate access to its systems and data.
This has significantly altered the attack surface of your average enterprise over the past few years, as an increasing number of outside service providers and suppliers have access to, and are handling, sensitive or proprietary information.
And the risks that go hand-in-hand with these attacks have never been greater: adversaries are more determined and have more tools at their disposal, attacks are growing in frequency and complexity, and the regulatory environment is becoming more stringent, with closer oversight from regulators.
This has created a perfect storm, and there’s no better example than the recent SolarWinds attack, which affected several hundred organisations and was described by a prominent researcher as ‘an 11 out of 10’.
Unfortunately, many third-party partners just don’t have the budgets for the same level of incident detection and response as their enterprise customers. Attackers and nation-state threat actors will always deliberately target the weakest link in the chain to gain access and slip through the security nets.
So how can companies protect themselves against supply chain attacks?
An experienced IT and information security executive, Varma has worked in the financial services, healthcare, telecommunications and transport industries as well as government. She is skilled in the disciplines of IT governance and service management too, and has vast experience in both building and running security strategies and large-scale programmes across geographically dispersed and complex environments.
During her presentation, Varma will examine the reasons behind the sharp increase in cyber attacks targeting supply chains. She will discuss how to identify where the risk lies and how to assess the supply chains through the lens of information security.
Delegates will learn how to build security requirements into supplier contracts so that they are clearly defined from the beginning, and how to implement continuous monitoring across the supply chain to ensure a real-time view of emerging threats and potential disruptions.