FinTech Magazine - January 2023 | Page 46

BANKING

Software supply chains under threat

Another major attack vector is supply chains, where attackers aim to target businesses on a mass scale through compromising third-party products. A recent incident was the SolarWinds Breach, where hackers were able to hide malicious code within an update to an IT monitoring system that was used by more than 30,000 public and private organisations, including the US Government.
This is an extremely vulnerable area as many developers use modular-build software packages that come from many different sources, any of which could be compromised. “The problem is continually getting worse, with enterprises more and more reliant on outside providers,” says Steve Zalewski, deputy CISO at Levi Strauss. “What we need is an international chain of trust [...] where we can all agree on a global set of tools and practices.”
One such solution could be the use of an SBOM (Software Bill of Materials), which staff can use to help them identify whether malicious software has been introduced into a system. This solution, however, only works if the people managing the system understand the components within it well enough to identify discrepancies.
War on talent in cybersecurity

Unfortunately, weaknesses can be introduced to a system just by plain old ignorance. Nevertheless, another major problem facing businesses is the lack of available talent, leaving them unable to manage their cybersecurity needs in-house. This can be exacerbated by a lack of clear direction during the hiring process.
Hiring managers should know what skills they need to hire, where to find them, the appropriate remuneration, and above all else, have good and timely communication.