Black Hat kicks off in a few days, and for Qualys customers still planning their schedule we have our weekly recommendation from among the conference’s many training courses and research briefings: The Enemy Within: Modern Supply Chain Attacks.
Speaker Eric Doerr, General Manager of the Microsoft Security Response Center, promises to provide “practical guidance on how to defend against supply chain attacks and harden your systems.”
Using examples of undisclosed supply chain attacks, he will cover topics such as attackers’ techniques and objectives, effective defense mechanisms, and the challenges of dealing with developers.
Why we’re recommending it
In addition to protecting their organization’s IT environment, security teams must closely monitor the security and compliance policies and procedures of trusted third parties, especially those in their supply chain.
“The weak link in your enterprise security might lie with partners and suppliers,” reported CSO Magazine.
Your organization may have its own house in order, but your third parties, due to negligence, carelessness or ignorance, can make your systems, data and products vulnerable to breaches.
“Attackers these days want to ‘own’ your entire system, including partners and suppliers,” reported ThreatPost.
There are plenty of examples of high-profile supply-chain attacks that affected large companies including Target, Google, T-Mobile and Wendy’s. The problem is only intensifying as supply chains get larger and more complex, and attackers more sophisticated.
“Breaches caused by external vendors and service providers have become a major and escalating problem for organizations,” reported Dark Reading.
In a recent study, Ponemon Institute found that 59% of surveyed companies experienced a third-party data breach, but that only 16% said they effectively mitigate third-party risks.
Regulators have taken notice. For example, the EU’s GDPR holds an organization liable if its customers’ personal data gets compromised as a result of a partner’s security failure.
With supply chain attacks increasing in volume and sophistication, we believe this 50-minute Black Hat USA 2019 session is worth attending to gain a better understanding of the problem and to walk away with practical advice your organization can adopt.
Qualys at Black Hat USA 2019
A Diamond Sponsor, Qualys will again have a major presence at Black Hat USA 2019, which runs from Aug. 3-8 at the Mandalay Bay in Las Vegas. We’ll be there explaining how we can help organizations protect their hybrid IT environments without slowing down their organizations’ digital transformation.
We invite you to stop by our booth (#204), enjoy a cup of coffee from our Nespresso bar, and chat with our product managers and technical account managers. We’ll raffle hi-tech prizes and give out tote bags after each presentation. The presentations include:
- Exclusive product previews, including of our new Threat Detection and Response Platform
- Best practices presentations from leading enterprises
- An overview of how Qualys Cloud Platform, our end-to-end security and compliance solution, gives you a real-time, holistic view of your threat landscape, and comprehensive capabilities for attack prevention and incident response