
Episode #11: Supply Chain Attacks and Vulnerability Disclosures

How should governments, businesses, and the industry respond to the series of cyberattacks on supply chains? Will increased regulation and Responsible Vulnerability Disclosure help? Listen to what Ran Nahmias, Co-Founder and Chief Business Officer at Cyberpion, has to say.

Supply Chain vulnerabilities

In the past year, we have seen accelerated adoption of digital platforms and technologies. For instance, more businesses and individuals are turning to e-commerce platforms to survive. The interconnections between partners and suppliers for these platforms have increased. So, it has become crucial to ensure the security of both the organization's network and partner systems, particularly for the software supply chain. But why has it taken so long for CISOs to acknowledge this? This has resulted in an increase in supply chain attacks.

SolarWinds, giant aviation digital services provider SITA, and DevOps tool provider Codecov are among this year’s victims of supply chain attacks that continue to create a ripple effect of data breaches across their customers, exposing millions of records. The latest attack on supply chains is on Edward Don and Company, a known distributor of foodservice equipment and supplies in the U.S. And earlier this month, there was an attack on JBS, the world’s largest meat producer.

As businesses increasingly leverage tech partners and third-party solutions to add functionality to their online presence, hackers turn their focus towards cheaper, easier targets that are much harder for security teams to discover.

In particular, misconfigured cloud buckets, DNS hijacking, and malicious code injections (such as those seen in Magecart attacks) continue to be threats to an enterprise’s external attack surface, disrupting supply chains.

These devastating attacks are such a growing concern that CISA recently issued guidance on how to defend against them.

RSS: https://feeds.soundcloud.com/users/soundcloud:users:899202688/sounds.rss

Spotify: https://open.spotify.com/show/7pBhvwEVAaL4uUJnzD5rWO

Ran Nahmias, Co-Founder and Chief Business Officer at Cyberpion, and Brian Pereira, Editor-in-Chief, CISO MAG, discuss weaknesses in the supply chain. They also talk about the Magecart attacks and the growing ransomware attacks.

As Co-Founder & Chief Business Officer, Nahmias leads global sales and marketing at Cyberpion (Cyber-pie-on). He has over 25 years of experience in cybersecurity. He is a technology evangelist with a proven track record of entrepreneurial product management in both startups and Fortune 100 companies, focused on building high-growth, cutting-edge products and solutions.

Formerly, Nahmias was the Global Head of Cloud Security at Check Point, and he has also held positions at Microsoft as a Director of Business Development and Field Engagement and as a solutions architect.