Confronting the alarming rise of supply chain attacks

Innovation News Network
Supply chain attacks have been on the rise in recent years, with the SolarWinds and Kaseya attacks demonstrating how vulnerable complex software supply chains can be.
Attackers are targeting software vendors and cloud providers further up the supply chain in order to compromise many downstream customers and partners simultaneously.
Many organizations don’t have strong controls over their own supply chains, making it difficult to vet third-party dependencies and identify risks.
Lack of visibility is a major issue.
Software composition analysis (SCA) and software bill of materials (SBOM) tools can help organizations gain insight into the open-source and third-party components used in their applications and dependencies.
It’s important to monitor for known vulnerabilities in dependencies and get notifications about new CVEs.
Automated tools can help with timely patching.
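The inventory and monitoring steps described above, as an added example that is not part of the original article: it walks a constructed CycloneDX-style SBOM, including nested components, and matches each component against a constructed advisory list. The component names, advisory IDs and advisory record layout are assumptions made for illustration.

```python
import json

# Constructed CycloneDX-style SBOM; all component names are hypothetical.
SBOM_JSON = """{
  "bomFormat": "CycloneDX", "specVersion": "1.5",
  "components": [
    {"type": "library", "name": "example-http", "version": "2.3.1",
     "purl": "pkg:pypi/example-http@2.3.1"},
    {"type": "application", "name": "example-agent", "version": "1.0.0",
     "purl": "pkg:generic/example-agent@1.0.0",
     "components": [
       {"type": "library", "name": "example-yaml", "version": "0.9.4",
        "purl": "pkg:pypi/example-yaml@0.9.4"}]}
  ]
}"""

# Constructed advisory feed (assumed layout): affected if introduced <= v < fixed.
ADVISORIES = [
    {"id": "EXAMPLE-ADVISORY-0001", "purl": "pkg:pypi/example-yaml",
     "introduced": "0.8.0", "fixed": "0.9.5"},
    {"id": "EXAMPLE-ADVISORY-0002", "purl": "pkg:pypi/example-http",
     "introduced": "1.0.0", "fixed": "2.3.0"},
]

def parse_version(text):
    """Turn '2.3.1' into (2, 3, 1); assumes plain dotted numeric versions."""
    return tuple(int(part) for part in text.split("."))

def walk_components(components):
    """Yield every component, including ones nested inside another component."""
    for comp in components:
        yield comp
        yield from walk_components(comp.get("components", []))

def find_affected(sbom, advisories):
    """Return sorted (advisory id, component purl, fixed version) tuples."""
    hits = []
    for comp in walk_components(sbom.get("components", [])):
        base_purl = comp.get("purl", "").split("@")[0]  # drop the @version part
        version = parse_version(comp["version"])
        for adv in advisories:
            in_range = parse_version(adv["introduced"]) <= version < parse_version(adv["fixed"])
            if adv["purl"] == base_purl and in_range:
                hits.append((adv["id"], comp["purl"], adv["fixed"]))
    return sorted(hits)

if __name__ == "__main__":
    for adv_id, purl, fixed in find_affected(json.loads(SBOM_JSON), ADVISORIES):
        print(f"{adv_id}: {purl} is affected, upgrade to {fixed} or later")
```

The nested `example-yaml` component is the one flagged here, which is the case a top-level-only inventory would miss.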
Multi-factor authentication, access controls, monitoring, and separation of duties are key measures for software vendors to strengthen their security and reduce risks of insider threats.
Collaboration between government, industry and researchers is needed to address this growing threat.
Sharing intelligence and best practices can help raise security standards across complex global supply chains.
While risks can’t be eliminated, a proactive, defense-in-depth approach integrating various tools and controls can help organizations detect and respond to supply chain attacks faster.
