Supply Chain Cyber Attacks Donโ€™t Mean Stop Patching Software

A Trojan horse made of electronic hardware components at Tel Aviv University (circa 2016); credit

Supply Chain Attacks Are Not a New Phenomenon

TeamViewer event logs showing the remote compromise of a CCleaner developer unattended workstation; (Khandelwal, 2018)

The Basics Still Apply

  • Anti-Virus Software for Endpoints
  • Hashing of executables to verify authenticity prior to install
  • Patching systems in a timely manner after the patches have been tested for system compatibility
  • Least Privilege / Functionality
  • Encryption of data-at-rest and in-transit
  • Segmented Networks
  • Multi-Factor Authentication (MFA)
  • Separation of Duties / Privileged Account Management (PAM)
  • Event logging and routine frequent auditing
  • Business Continuity & Disaster Recovery Preparedness
  • Security Awareness Training
  • Penetration Testing (Internal/External) โ€” white, gray, black box
  • Risk Framework Compliance

Disconnecting Everything From the Internet is Not the Answer

How Do We Stop the Bleeding?

--

--

--

the salty chronicles of one bumbling infosec engineerโ€™s lifelong quest to design less shitty privacy & security while trying his best not to blow up the planet

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

The Growing Importance of Protecting Our Data and Digital Assets as Our Lives Become Ever Moreโ€ฆ

Cybersecurity Concerns About Digital Transactions

Hack The Boxโ€Šโ€”โ€ŠReminiscent

How to integrate security on the DevOps pipeline?

Attack and Defense of Car Entertainment Control System

How to whitelist an email address with Gmail, Outlook.com or Yahoo! Mail Jeremy Rush

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
๊ง๐“Šˆ๐’†œ๐Ÿ†‰3๐Ÿ†๐Ÿ…พ๐Ÿ†ƒ๐Ÿ†๐Ÿ†„๐Ÿ†‚๐Ÿ†ƒ๐’†œ๐“Š‰๊ง‚

๊ง๐“Šˆ๐’†œ๐Ÿ†‰3๐Ÿ†๐Ÿ…พ๐Ÿ†ƒ๐Ÿ†๐Ÿ†„๐Ÿ†‚๐Ÿ†ƒ๐’†œ๐“Š‰๊ง‚

the salty chronicles of one bumbling infosec engineerโ€™s lifelong quest to design less shitty privacy & security while trying his best not to blow up the planet

More from Medium

What is DNS, and how it makes our life easier?

Extremely Simple Securityโ€Šโ€”โ€ŠLearn Cyber Threats, Attacks & Vulnerabilities (Social Engineering, 1.1)