Supply chain security and the Bugs Existing in it

Haroon Meer is the founding father of Thinkst, the corporate behind the well regarded. The recent SolarWinds mega-hack has managed to grab mainstream media headlines round the world but the more I read, the more i feel the press coverage has buried the lede.

The incident gets called a “supply chain” attack which hints at war-time tactics and, I’m willing to bet, will launch a dozen VC-backed startups. People are (rightfully) worried about the consequence since the SolarWinds attackers had access to many other development-houses and will have also poisoned those wells.

The state of enterprise security: While we’ve made progress in some areas of data security (e.g. the degree of data and skill required to take advantage of memory corruption bugs in modern operating systems) , enterprise security remains stuck pretty firmly within the early 2000s. An enterprise network consists of an untold number of disparate products, duct-taped together through poorly documented interfaces where often the quality for product integration is “this config works, don’t touch it!”. Any moderately skilled attacker will decimate an indoor corporate network long before they’re discovered, and therefore the average time it takes to realize Domain Admin is measured in hours and days rather than weeks or months. Most organizations, sadly, do not know this. They know the money spend on security is doing it right in the required senses. Most haven’t any clue they’re sitting ducks for average attackers of moderate skill, much less nation state-backed adversaries with unlimited resources.

Share

Related

Battle for the Skies

It’s pretty much a universal truth that every phase...

How LegalTech can Change the Legal Industry, One Efficiency Platform at a Time

During the course of my nearly 25 years in...

How is Enterprise Security Like Writing a Novel?

Pen, paper and ink alone don't make a completely...

Pushing for a Healthier Social Media Experience

While a human arsenal is loaded with some really...

The Role of Insurance in Helping COVID-19 from Disrupting Tech Industries

Unlike any others the technology industry has been disrupted...

Another Pursuit for Domination

One reason why technology feels like such a transformative...

On the Cusp of Something Beyond Historical

Since the very beginning, human life has enjoyed a...

Analytics of an Experience: Measuring the Impact of Investments in Customer Experience (CX) Technologies

Organizations are making greater investments in customer experience technologies...