Kaspersky calls for global response to cyberattacks on supply chains

The risk of cyberattack on supply chains represents a “ticking time bomb” that demands a globally coordinated approach, according to attendees at this year’s online RSA Security Conference.

Anastasiya Kazakova, senior public affairs manager at Kaspersky, suggested a mechanism that would provide recommended technical and operational points of contact in each country, ready to swing into action in the event of a supply-chain cyberattack.

“These would serve as a ‘final station’ in reaching out to a national CERT, law enforcement agency or cybersecurity professionals, where needed, to exchange technical information,” she said.

RSA attendees indicated that the absence of a global policy response to supply-chain attack puts international cyber-stability at risk, not least because of the related lack of information sharing and trust among countries and corporations.

At the Kaspersky-sponsored panel discussion, Interpol director of cybercrime Craig Jones said organisations such as Interpol should be among the first to be called, together with computer emergency response teams (CERTs), private-sector partners and the international community.

“It’s in everyone’s interest to thoroughly investigate incidents as well as getting and sharing as much information as possible to ensure security of critical infrastructure,” Jones noted.

Serge Droz, chair of the Forum for Incident Response and Security Teams (FIRST), added: “Cybercriminals love to divide and conquer; if we’re divided, criminals flourish. Our biggest challenge – much bigger than a technical challenge – is to decide how we all work better together.”

Jon A. Fanzun, special envoy for cyber foreign and security policy at Switzerland’s Federal Department of Foreign Affairs (FDFA), said clarification and consensus are still needed, too, on exactly how international law applies in cyberspace.

“Consensus is needed on how human rights should be protected online, how norms of responsible state behaviour should be implemented, and what the role of other stakeholders is. We also need to implement what we agreed on and to hold those who violate agreements accountable for their actions,” Fanzun claimed.

According to the Kaspersky panel, increased digitisation, including in government and public services, makes organisations more vulnerable to cyberattack. Global policy should be developed that addresses supply chains and “value-chain” risk.

Kaspersky researchers track several groups that focus on targeted supply-chain attacks via software vulnerabilities in development, update and build processes.

(Logo © Copyright RSA Conference 2021)
