Managing the Risk of Supply Chain Attacks

In this video, we have a cybersecurity expert speaker from Sophos, Yasa. He introduces himself as a cybersecurity consultant with experience in architecting and building scalable networks and security systems for enterprise businesses.

Yasa provides an overview of Sophos, stating that the company has been around for nearly 30 years, with headquarters in Oxford, UK. He mentions having over 100 million users across 150 countries, emphasizing the importance of sharing information with customers and partners to enhance security.

The speaker discusses the three principal guidelines followed by Sophos: predictiveness, adaptiveness, and the need for solutions to communicate with each other. He emphasizes the importance of visibility across the entire security estate, moving away from the traditional approach of using different products from different vendors.

Yasa presents a chart from Verizon’s data breach report, revealing that the time taken to detect attacks has decreased over the years. However, he highlights the shift in the threat landscape towards ransomware, which is detected faster due to its immediate impact and quick returns for attackers.

He advises organizations to align themselves with a cybersecurity framework, specifically mentioning the NIST Cybersecurity Framework’s three pillars: protection, detection, and response. Yasa explains that while many organizations invest in protection, they often lack maturity in detection and response, posing a challenge, especially for small-sized enterprises.

The speaker provides insights into the typical stages of a cyber attack, including infiltration, reporting of success, spreading within the environment, and the objectives of stealing information or deploying ransomware. He also introduces the concept of a supply chain attack, which targets trusted third-party suppliers rather than the organization directly.

Yasa discusses different types of supply chain attacks, such as phishing, software update attacks, and poison packages. He mentions the SolarWinds supply chain attack, Microsoft Exchange zero-day attack, and the Kaseya attack as recent examples. The SolarWinds case study is explored in detail, highlighting the long period of undetected access and the significant impact on numerous high-profile customers.

The speaker acknowledges the fragmented nature of the cybersecurity industry, with numerous vendors and startups emerging and disappearing, making integration and innovation challenging.

To address supply chain attacks, Yasa recommends monitoring for early signs of compromise, conducting audits of the supply chain, assessing the security posture of suppliers, and regularly reviewing one’s own cybersecurity hygiene. He emphasizes the need to shift from a reactive to proactive approach, assuming constant compromise and actively detecting and responding to threats.

Yasa explains how Sophos can assist in reducing cybersecurity risk, enhancing visibility, and increasing the return on IT investment. He highlights the Adaptive Cybersecurity Ecosystem, where Sophos products communicate with each other to provide comprehensive protection. Additionally, he mentions technologies like artificial intelligence and APIs that enable automation and augment security operations.

The speaker introduces managed detection and response services, offering 24/7 support from a team of experts. He emphasizes their proactive approach in containing and neutralizing threats, providing advice to improve security posture, and allowing clients to customize their collaboration level with the team based on trust.