In this session, Ed Amoroso covers 5 areas of focus to understand and reduce supply chain risks; review processes, inspect hardware/software, specify vendor requirements, monitor for vendor issues, and proxy comms to unknown sources.
No organization lives in a vacuum. The cyber supply chain is massive but is often the weakest link. With supply chains getting more complex, it is time for security leaders to start working closely with procurement to maintain a complete line of sight into their vendor portfolios. Attackers routinely target supply chains, and unproven vendors present a major risk when outsourcing to lesser-known suppliers overseas.