The recent attack on SolarWind's Orion product demonstrated how vital it is for Chief Information Security Officers (CISOs) and their teams manage supply chain risks and understand all the products in their environment and how they are being used. Here we talk to Michael Lines, CISO and Head of Security Product Management at Cleanshelf, about why the IT and information security community should be concerned after the SolarWinds hack.
As pharmaceutical companies and healthcare organizations turn their attention from the development to the deployment of coronavirus vaccines, well-resourced cybercriminals are hotly following suit. The vaccine supply chain is rife with logistical complexities making the enormously valuable data on the various vaccines deeply attractive to threat actors. In fact, cybercriminals are already attempting to steal vaccine formulas and disrupt operations.
If the experiences of 2020 taught us anything, it’s that risk in the modern world cannot be understood or sufficiently mitigated with a siloed approach. Individual threats, such as regulatory risk and IT security, converge. Lacking a high-level view, it’s difficult to see the web of cause and effect – making it more difficult to anticipate, prepare, or mitigate the biggest risks. 2020 may be over, but the challenges remain in 2021. Compliance and risk management will need a shared umbrella of information and communication to tackle the complex, integrated risks of today’s landscape.
What is the best path forward? Should companies upgrade their existing platforms or replace them entirely? What makes the most sense both financially and for the security of your data?
The goal of the partnership is to improve the training and education of the workforce in support of cybersecurity protection and resilience along with supply chain risk management.
CISA has updated AA20-352A: Advanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations, originally released December 17. This update states that CISA has evidence of, and is currently investigating, initial access vectors in addition to those attributed to the SolarWinds Orion supply chain compromise. This update also provides new mitigation guidance and revises the indicators of compromise table; it also includes a downloadable STIX file of the IOCs.
Girl Scouts of Tropical Florida (GSTF), Ryder System Inc. and the University of Tennessee's Global Supply Chain Institute partnered to create supply-chain curriculum for K-12.
Some industries experienced more upheaval than others. The survey found that 65% of supply chains in aerospace and defense, on average, were disrupted by the pandemic.
Six out of ten businesses target geographic diversification of supply chains to build resilience.
August 11, 2020
According to the Supply Chain Resilience Report 2020 from 3D Hubs, cybersecurity issues have affected less than 10% of firms over the past 10 years, compared to 60% that have suffered directly as a result of COVID-19 disruption.
JSOF has discovered a series of vulnerabilities stemming from one small software library that has rippled across the supply chain, affecting 100's of millions of IoT devices.
