Expert commentary around the NCSC Annual Review - CyberArk

November 2021 by Daniel Lattimer, Director Government & Defence, EMEA at CyberArk

This morning, the National Cyber Security Centre (NCSC) released its Annual Review looking at some of the key developments and highlights of its work in the last year as well as insight into the current threat landscape and issues impacting both businesses and consumers.

In response to this report, Daniel Lattimer, Director Government & Defence, EMEA at CyberArk, comments on one of the main topics to come from the report – the notion of ‘digital trust’.

“The notion of ‘digital trust’ has clearly come to the fore in the NCSC’s Annual Review in the wake of the high-profile SolarWinds and Exchange software supply chain attacks, as well as numerous COVID-19 attacks on newly-formed ‘digital’ supply chains. The UK government is already considering plans to mitigate this risk by requiring IT service providers to adopt the NCSC’s Cyber Assessment Framework, and it is an issue that has been raised in other countries too. The Biden administration, for example, issued an executive order earlier this year to review cyber vulnerabilities in critical technologies used by the US, while a report from ENISA, the European Union Agency for Cybersecurity, suggests the number of supply chain cyberattacks in 2021 will quadruple in comparison to last year. The NCSC is therefore right to raise awareness around supply chain attacks; it is vital for both the public and private sector to put in place initiatives that decrease risk and improve trust across the software ecosystem, as it is now a proven route to affect many organisations using a single vulnerability in software in common use.”

“Protecting against software supply chain attacks means organisations must ensure that the fundamentals – like enabling multi-factor authentication (MFA) and implementing Zero Trust principles – are in place. But an initiative that the government could consider is to mandate greater transparency into what’s actually inside the software organisations are implementing – including visibility into open-source components, similar to looking at the ingredients in a ready meal you buy from the supermarket. A ‘Bill of Materials’ approach applied to the software supply chain would result in greater visibility, transparency and collaboration. All of which present positive steps forward in achieving digital trust, in the context of COVID-19 vastly extending the digital threat landscape.”



