Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

In late February of this year, Change Healthcare experienced a massive ransomware attack. The company, a subsidiary of United Healthcare, is the largest clearinghouse for insurance billing and payments in the U.S, processing 15 billion medical claims each year.

Talking to fellow CISO’s around the globe - and in particular Europe - the topic of cybersecurity regulations and compliance has taken on a new life. Most recently, the Network and Information Security (NIS 2) Directive is the latest regulation shaking up the region. NIS2 is much more than an update though—it's transforming the cybersecurity landscape of the EU.

The digital supply chain refers to the chain of third-party digital tools, services and infrastructure that a company depends on for a particular first-party service (such as their website or SaaS platform). In an ever-changing digital landscape, supply chains can be brittle with many unseen risks. The nature of supply chain risk is transitive; any part of the often long and complicated digital supply chain can be compromised, causing all components downstream of it to also be compromised.

Pressure is increasing on manufacturers to monitor their shop floors for malicious activity to avoid creating major disruptions in the supply chain. One key security defensive tool for monitoring network-connected devices in a manufacturing environment is Operational Technology Security or just OT. Let’s look at what OT is and how it can detect malicious activity.

Imagine this: an attacker sneaks a tiny backdoor into software that hundreds of companies use. It sounds like a plot from a spy movie, but it’s a real threat that recently impacted major Linux distributions through a compromised utility tool, XZ Utils. So far, in 2024, over 35 billion known records have been breached. The Linux attack, potentially in action and undetected since 2021, is just one of the many that highlight the alarming proliferation of supply chain attacks.

The digital supply chain refers to the chain of third-party digital tools, services and infrastructure that your company depends on for a particular first-party service (such as your website or SaaS platform). In an ever-changing digital landscape, supply chains can be brittle with many unseen risks. The nature of supply chain risk is transitive; any part of the often long and complicated digital supply chain can be compromised, causing all components downstream of it to also be compromised.

An organization’s software supply chain includes all the elements involved in developing and distributing software, such as components, tools, processes, and dependencies. Each link in this important chain presents the potential for security threats. Recent research conducted by Gartner shows a major increase in attacks targeting code, tools, open-source components, and development processes, particularly in areas where organizations lack visibility.

It’s a wrap! RSA 2024 brought together cybersecurity experts, industry leaders, and innovators to delve into critical topics defining the future of digital security. One of the key themes that garnered significant attention at RSA 2024 was software supply chain security.

Last episode of C.J. May's series on implementing a DevSecOps program: how to harden your software delivery pipelines to maintain robust security measures.

The digital supply chain refers to the chain of third-party digital tools, services and infrastructure that is depended on for a particular first-party service (such as your website or SaaS platform). In an ever-changing digital landscape, supply chains can be brittle with many unseen risks. The nature of supply chain risk is transitive; any part of the often long and complicated digital supply chain can be compromised, causing all components downstream of it to also be compromised.