Improving the Response to Supply Chain Attacks
Palo Alto Networks' Sean Duca Says Education Helps But Better Planning Is Needed
Response to supply chain attacks has evolved due to increased awareness and education, but more work needs to be done to understand how challenges can be addressed more systematically, says Sean Duca, vice president and regional chief security officer, Asia-Pacific and Japan, Palo Alto Networks.
"I talk to organizations across the region and I see varying levels of maturity in terms of their level of understanding," Duca says. "Every cybersecurity agency in Singapore is actively talking about it." He says agencies in other parts of the world "are also thinking about it and trying to roll out plans and programs to address some of these supply chain problems."
The biggest vulnerability for organizations is around software that exists inside their environment but is not being used, according to Duca. "Asset inventory around the types of applications that are actually being used is not … in place. So the foremost thing is to identify your assets," he says.
Duca also says most organizations have a low awareness of whether problems exist. "Do we actually have visibility and an understanding of those challenges?" he asks. "Could we mitigate and do we have a plan or some response in place?"
In this video interview with Information Security Media Group, Duca also discusses:
- Shifting left to consider security during the design and build phases;
- The impact of supply chain attacks on critical infrastructure;
- Risks posed to Singapore's digital supply chain - and what is being done about them.
Duca spearheads the development of thought leadership, threat intelligence and security best practices for the cybersecurity community and business executives. He has more than 20 years of experience in the IT security industry and advises organizations across the region, helping them improve their security postures and align security strategically with business initiatives.