3rd Party Risk Management , Application Security , Governance & Risk Management

Panel Discussion: Mitigating Supply Chain Attack Risks

Experts Discuss Ways to Prevent, Detect and Respond
From left: Mario Demarillas, CISO and head of IT consulting and software engineering, Exceture; Phoram Mehta, senior director and APAC CISO, Paypal; and Venkatesh Subramaniam, global CISO and privacy head, Olam International

To mitigate the risks posed by supply chain attacks, organizations can take several steps, including implementing threat modelling, continuous monitoring and improved software testing, a panel of experts advises.

Organizations should follow an appropriate threat modeling program to help ensure their vendors take a security by design approach, says Venkatesh Subramaniam, global CISO and privacy head at Olam International in Singapore.

Singapore-based Phoram Mehta, senior director, and APAC CISO at Paypal, stresses the need to use continuous monitoring to better understand how systems respond to these attacks.

DevOps also helps provide the flexibility and the ability to shift faster and use a newer technology stack and a '"built-in" security approach, which can help prevent such attacks, Mehta says.

"Organizations should go beyond a checklist and have a governance mindset in assessing software testing and coding process … and the same processes need to be expected from the third-party vendors as well," says Philippines-based Mario Demarillas, CISO and head of IT consulting and software engineering at Exceture Inc.

The panel discussion was held at Information Security Media Group's recent Virtual Cybersecurity Summit: South East Asia.

See Also: 2020 User Risk Report

In this video, the three experts address:

  • Assessing third-party vendor risks;
  • Ensuring the integrity of coding practices;
  • Harnessing technologies such as EDR and decoys to spot hackers' movements.

Subramaniam is the global CISO at Olam International, where he is responsible for all aspects of the security program. He has more than 26 years of experience in information security and management.

Mehta is the CISO of PayPal's Asia-Pacific region. With more than two decades of experience in information security, Mehta has been instrumental in building secure technology solutions for companies across several sectors.

Demarillas is CISO and head of software engineering at Exceture Inc. He has 20 years of professional experience in information systems and internal audit, fraud examination, cybersecurity, data privacy, and governance.

About the Author

Geetha Nandikotkur

Geetha Nandikotkur

Managing Editor, Asia & the Middle East, ISMG

Nandikotkur is an award-winning journalist with over 20 years of experience in newspapers, audiovisual media, magazines and research. She has an understanding of technology and business journalism and has moderated several roundtables and conferences, in addition to leading mentoring programs for the IT community. Prior to joining ISMG, Nandikotkur worked for 9.9 Media as a group editor for CIO & Leader, IT Next and CSO Forum.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.asia, you agree to our use of cookies.