Why Supply Chain Security Risks Provide Backdoor For Hackers And How To Prevent It, Experts Insight

New research suggests that cyber-attacks on supply chains increased by 51% in the last six months of 2021. Organisations have an opportunity to reduce their third-party risk by clarifying whether they or their suppliers are responsible for supply chain risk management, according to new global research of 1400 cyber security decision makers by NCC Group. Around one in three (36%) said that they are more responsible for preventing, detecting and resolving supply chain attacks than their suppliers. Just over half (53%) said that their company and its suppliers are equally responsible for the security of supply chains.

Experts Comments

April 08, 2022
Tim Mackey
Principal Security Strategist, Synopsys CyRC (Cybersecurity Research Center)
Synopsys


Software supply chains are complex entities often comprising hundreds of “suppliers” per application. Each supplier, or dependency as it’s also known, represents a vector for software to enter an organisation. Often software is subject to a vendor risk management review prior to procurement, but for some software, such as open-source software or SDKs, there is no explicit vendor against which to perform a risk assessment. That’s partly due to the decision-making related to supplier selection in an open source context being made by developers who are measured more by their ability to quickly implement features rather than their skills in risk mitigation or compliance reviews.

Given the complexity of software supply chains, and the growing attention to them within business, it’s reasonable to expect cyber criminals to attempt to disrupt business operations by targeting the supply chains powering the business. Addressing the risks present in software supply chains starts by recognising that a traditional vendor-centric view of supplier validation is insufficient to accurately describe the risks requiring mitigation. Instead, mitigation strategies must be tailored to each of the potential methods for software to enter a business where process threats are identified well in advance of any requirement to mitigate vulnerabilities or address a cyber-incident.

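A worked illustration of the per-vector approach the comment above argues for: an added script, not code from the article or from Synopsys, that triages a constructed dependency inventory with a separate control set for each route software takes into the build, so that registry-sourced open source is checked on pinning and lock-file hashes rather than on a vendor review it cannot have. The POLICY table, the component names and the SAMPLE inventory are all constructed assumptions.

```python
from dataclasses import dataclass

# One control set per entry vector: a vendor review applies to procured software,
# while registry-sourced open source relies on pinning and lock-file hashes instead.
POLICY = {
    "vendor":   {"vendor_review": True,  "pin": False, "hash": False},
    "registry": {"vendor_review": False, "pin": True,  "hash": True},
    "sdk":      {"vendor_review": True,  "pin": True,  "hash": False},
}

@dataclass
class Component:
    name: str
    vector: str               # "vendor", "registry" or "sdk"
    version: str              # a range or wildcard marks an unpinned dependency
    integrity: str = ""       # lock-file hash such as "sha256:...", empty if absent
    vendor_review: bool = False

def triage(component: Component) -> list[str]:
    """Return the control gaps for one component under its vector's policy."""
    rules = POLICY.get(component.vector)
    if rules is None:
        # An entry route nobody has written a policy for is itself a finding.
        return [f"entry vector '{component.vector}' has no review policy"]
    gaps = []
    if rules["vendor_review"] and not component.vendor_review:
        gaps.append("no vendor risk review on file")
    if rules["pin"] and (not component.version
                        or any(c in component.version for c in "^~*<>")):
        gaps.append("version not pinned")
    if rules["hash"] and not component.integrity:
        gaps.append("no integrity hash in lock file")
    return gaps

def triage_inventory(components: list[Component]) -> dict[str, list[str]]:
    """Map each component name to its gaps, omitting components with none."""
    return {c.name: gaps for c in components if (gaps := triage(c))}

# Constructed sample inventory; names are illustrative, not real packages.
SAMPLE = [
    Component("acme-crm-connector", "vendor", "4.2.0", vendor_review=True),
    Component("leftfill", "registry", "^1.3"),
    Component("fastjsonlite", "registry", "2.0.1", integrity="sha256:constructed"),
    Component("payments-sdk", "sdk", "3.*"),
]

if __name__ == "__main__":
    for name, gaps in triage_inventory(SAMPLE).items():
        print(f"{name}: {'; '.join(gaps)}")
```

The same POLICY table can be extended with further vectors (container base images, CI plugins) so that each route into the build has its controls written down before an incident forces the question.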