Supply chain cyberattacks have increased dramatically since the start of the pandemic. To mitigate this risk, CISOs need a vendor risk management strategy that includes knowing which vendors have their data, what type of data they have, and where they store it. A defined patch management strategy also helps CISOs mitigate supply chain risk. If you receive a patch notification from a vendor, you should trust that it’s a good patch. You should, however, test that patch within a secure environment before releasing it into the network. In other words, adopt a trust-but-verify approach.
CISO Street recently moderated a virtual CISO panel and asked panelists about their perspectives on current cyber trends and challenges. In this video, Jonathan Kimmitt, CISO for the University of Tulsa, and Jason Lewkowicz, Global CISO for Cognizant, discuss how recent cyberattacks changed their approach to supply chain security.