Supply chain security and the Bugs Existing in it

Haroon Meer is the founding father of Thinkst, the corporate behind the well regarded. The recent SolarWinds mega-hack has managed to grab mainstream media headlines round the world but the more I read, the more i feel the press coverage has buried the lede.

The incident gets called a “supply chain” attack which hints at war-time tactics and, I’m willing to bet, will launch a dozen VC-backed startups. People are (rightfully) worried about the consequence since the SolarWinds attackers had access to many other development-houses and will have also poisoned those wells.

The state of enterprise security: While we’ve made progress in some areas of data security (e.g. the degree of data and skill required to take advantage of memory corruption bugs in modern operating systems) , enterprise security remains stuck pretty firmly within the early 2000s. An enterprise network consists of an untold number of disparate products, duct-taped together through poorly documented interfaces where often the quality for product integration is “this config works, don’t touch it!”. Any moderately skilled attacker will decimate an indoor corporate network long before they’re discovered, and therefore the average time it takes to realize Domain Admin is measured in hours and days rather than weeks or months. Most organizations, sadly, do not know this. They know the money spend on security is doing it right in the required senses. Most haven’t any clue they’re sitting ducks for average attackers of moderate skill, much less nation state-backed adversaries with unlimited resources.

Share

Related

Covid-19 AcceleratesTechnology Growth in Insurance Space

Amidst the Covid19 pandemic, insurers have speeded up the...

From Desktops to Thumbs: Why Your E-Commerce Strategy Needs to Go Pocket-Sized

From clunky desktops to lightning-fast smartphones, the way we...

UGR: Next Gen Compliance

What does “Patient-Centricity” mean to clinical trial enrollment?

Patient recruitment remains the leading cause of delay for...

Powering a GenAI Take to Transform Business Documentation

AveriSource, a U.S.-based independent software vendor and leading provider...

CFO Summit 2025 Set to Transform Financial Leadership in Australia

The prestigious CFO Summit, an invitation-only forum for finance...

How COVID-19 Spurred Overdue Innovations in Healthcare IT

By Wayne Embree, Executive Vice President, Investments & Venture...

Latest

No posts to display

No posts to display