SolarWinds Hack: The Strategic ImplicationsTwo Experts Discuss Urgent Action Items
Organizations in the APAC region are not immune to the impact of the SolarWinds supply chain hack, so it’s essential that they reassess their risk management practices and audit their suppliers, two security experts stress.
Companies considering using new suppliers must take steps to ensure this does not create additional exposure to risk, says Malaysia-based Abid Adam, group CISO and group head of privacy at Axiata, a large telecommunications firm.
Sri Lanka-based Sujit Christy, group CISO at John Keells Holdings, notes: "We need to undertake vendor and supplier reviews as part of the [contract] agreement and include a clause allowing us to audit the suppliers.”
In this video panel discussion, the two experts address:
- Risk lessons learned from SolarWinds’ supply chain hack;
- How to respond to software coding challenges;
- The need to evaluate third-party products and conduct audits.
Adam is Axiata Group's CISO and head of privacy, responsible for providing strategic direction, implementation, oversight, and guidance for cybersecurity and privacy across the Southeast Asia region. Previously, he led the cybersecurity function and implemented transformational programs for a large multinational financial services organization.
Christy is a group CISO at John Keells Holdings. Experienced governance, risk, compliance, and cybersecurity professional, he is also a director of Layers-7 Seguro Consultoria Private Limited and a board member of the ISACA Sri Lanka Chapter.