Listen up 2 – CYBERSECURITY FIRST! How to protect yourself from supply chain attacks

Historically, it's a big national security concern, as it should be, whether other governments might be poison-pilling some of our software and supply chains.
CW. Well, certainly one place to start with as a software provider is understanding that the security of your software is only as good as the security of your entire environment that's used to build and maintain that software.
That includes the security of your developers' desktops and how they authenticate, how they're maintained and patched, that kind of thing, all the way on to the computers that actually compile the code and package that code up for distribution.
The security of all those things around the software that build it is equally as important to that software security as the code in the software itself.
There are a million things that often end up with looser security for software engineers compared to the rest of the organization, not tighter.
You're trying to look at the whole picture of how seriously they take security, and how far are they along in providing all of the latest and best practices.
News URL
https://nakedsecurity.sophos.com/2021/10/25/becybersmart-2021-supply-chain-attacks/