Panel Discussion: Mitigating Supply Chain Attack Risks
Experts Discuss Ways to Prevent, Detect and Respond
To mitigate the risks posed by supply chain attacks, organizations can take several steps, including implementing threat modelling, continuous monitoring and improved software testing, a panel of experts advises.
Organizations should follow an appropriate threat modelling program to help ensure their vendors take a security-by-design approach, says Venkatesh Subramaniam, global CISO and privacy head at Olam International in Singapore.
Singapore-based Phoram Mehta, senior director and APAC CISO at PayPal, stresses the need to use continuous monitoring to better understand how systems respond to these attacks.
DevOps also helps provide the flexibility and the ability to shift faster, use a newer technology stack and take a "built-in" security approach, which can help prevent such attacks, Mehta says.
"Organizations should go beyond a checklist and have a governance mindset in assessing software testing and coding process … and the same processes need to be expected from the third-party vendors as well," says Philippines-based Mario Demarillas, CISO and head of IT consulting and software engineering at Exceture Inc.
The panel discussion was held at Information Security Media Group's recent Virtual Cybersecurity Summit: South East Asia.
In this video, the three experts address:
- Assessing third-party vendor risks;
- Ensuring the integrity of coding practices;
- Harnessing technologies such as EDR and decoys to spot hackers' movements.
Subramaniam is the global CISO at Olam International, where he is responsible for all aspects of the security program. He has more than 26 years of experience in information security and management.
Mehta is the CISO of PayPal's Asia-Pacific region. With more than two decades of experience in information security, Mehta has been instrumental in building secure technology solutions for companies across several sectors.
Demarillas is CISO and head of software engineering at Exceture Inc. He has 20 years of professional experience in information systems and internal audit, fraud examination, cybersecurity, data privacy, and governance.