There’s an old security adage: a chain is only as strong as its weakest link. The sentiment long predates Information and Communications Technology (ICT), but it’s never been more relevant. With modern ICT connecting millions of systems worldwide, there are exponentially more “links” to worry about. That’s especially true when we shift our focus from defending against external threats, which organizations have gotten pretty good at, to those originating inside an organization’s sphere of trust. Here, we have work to do — starting with the ICT supply chain itself.
Today’s supply chains are a modern marvel. Vast webs of suppliers, manufacturers, integrators, shipping carriers, and others allow vendors to build ICT products more cost-effectively and to quickly deliver them to customers anywhere. But modern supply chains also increase the number of parties with access to those products — and the number of potential weak links that cybercriminals could seek to exploit. By targeting an organization’s hardware or software supply chain, hackers can compromise an ICT product before it’s even deployed. And, since that product is coming from a supplier the target implicitly trusts, the compromise may go undetected until it’s too late.