CASE STUDY
resources to gain and maintain access to high-value vendor networks.
Why are supply chain attacks so difficult to detect early?
It’s often due to the lack of visibility and telemetry that comes hand-in-hand with SaaS solutions. Unlike on-premises devices, where a customer or third-party MDR services can often directly access logs and telemetry to detect a compromise, SaaS platforms leave customers reliant on vendors. Most of the time, the infrastructure behind these platforms is black boxed to customers, so when an attack does hit, many are blindsided because they have zero warning and zero chance to defend.
This mix of limited telemetry and lack of control over patches means your whole playbook is reliant on vendor response. It is thus critical to understand which vendors you are truly reliant on and ensure they have the necessary maturity and transparency. Understanding this is not always easy. For example, a vendor might not handle sensitive data, but they could have a high level of access – creating what is essentially an ‘undefined blast radius’ of a breach – and potentially giving an adversary free rein in a customer’s network.
How do you balance security requirements with business agility and cost pressures?
Operating margins, productivity and time-to-market are all going to need to be traded off against security requirements. What’s key is to ensure the board, executive team and CISO are aligned on their risk appetite. If the business is taking a ‘calculated risk’, that should always be done with eyes open and a shared understanding of the implications if a bet goes wrong. The challenge is that risk appetite can be a very fast-evolving and emotive topic. It’s a CISO’s job to explain the likelihood and impact in a way that resonates with the board, then digest the feedback to tease out a risk appetite. This requires excellent communication skills, translating a set of complicated technical issues into an understandable and believable narrative that ties in business goals, without being unnecessarily alarmist.
How do you see supply chain cyberattacks evolving over the next three to five years?
Supply chain attacks mirror wider technology trends. As more workloads continue to move to SaaS and PaaS solutions, attackers will likely double down on their focus on these platforms, particularly those with deep access into customer environments such as identity and cybersecurity providers. Similarly, although hard to predict exactly how, the increased use of Generative AI will be an enticing target. Given the resources required, the product of GenAI models is extremely centralised (and fast moving) making them a very high value proposition.
www.intelligentcxo.com