As more details about the SolarWinds breach come to light, it is important to focus on the facts of the case to determine how best to protect your own system.
- The software supply chain was used as the malware distribution system.
- The sophistication of the breach was in the undetected manipulation of code over a long period of time.
- There were multiple failures around securing and monitoring code.
- The software supply chain attack risk is now proven and is impacting the tens of millions of devices that the SolarWinds software platform manages on behalf of its customers.
Perspective From Nucleaus:
First, everything now runs on code! It is critical to protect what you already have AND what you will get in the future.
- This type of software supply chain attack will rapidly evolve, analogous to how ransomware developed and affected all of us. Lack of risk visibility into your software supply chain exposes you to massive liability.
- The ability to persistently and continuously scan all code while building a historical record must now be a foundational capability. This gives your audit, legal, product, and technical teams a real-time view of what is happening in your digital world.
- The capability to evaluate all existing code AND preempt the risk introduced by software supply chain partners is critical.
The security of your global software supply chain is now front and center. Current methods are inadequate and expose you to risk.
Duane Smith, CISO