Securing data in use – a case for confidential computing
With the explosion and proliferation of data, it is a cumbersome task to keep up with protecting the crown jewels of any organization: the data itself.
Welcome back to the cyber security tech blog! This time I will share my thoughts and reflections regarding supply chain cyber-attacks directed at third party vendors. Why is this important? Businesses are dramatically increasing their reliance on, and consumption of, solutions from third party vendors. Cyber-criminal actors are aware of the impact: an attack on one victim that spreads to hundreds or in some cases thousands of customers creates devastating operational effects. The recovery after a cyber-attack usually takes weeks. Businesses need to prepare much more, training and practicing how to deal with this.
Cyber-criminal actors look for insecure network protocols, unprotected server infrastructure, and unsafe coding practices, and exploit these weaknesses to change source code and hide malware in application build and update processes.
Software is built and released by trusted third party vendors, and this software and its updates are signed and certified. In software supply chain attacks, vendors are likely unaware that their apps or updates are infected with malicious code when these are distributed to all customers. The malicious code then runs with the same trust and permissions as the software itself.
These statistics tell us that software supply chain security will become even more important in the coming years as software supply chain attacks are on the rise.
Supply chain attacks are very serious for a bank. Dependence on third parties for support and solutions in processes is increasing, and it becomes an integral part of the operational activities. A rich attack against a third-party vendor has extensive negative effects on all its customers. It usually takes weeks to fully recover from a cyber-attack. It is this interruption that a business must be able to manage. It will require new ways to train and practice simulated effects of a supply chain attack.
SEB works methodically and fact-based through analyses, modelling, insights, and know-how regarding the cyber threat landscape and the methods and goals of adversaries. That is used and translated into capabilities that underpin a modern and effective cyber defence. SEB validates and follows up on this through very extensive tests in accordance with ethical simulated cyber-attacks against critical processes and infrastructure.
Welcome back to the cyber security blog. This time I want to share my thoughts and observations regarding the need to develop a future proof cyber defence.
Reflections from a cybersecurity training week, with the purpose of picking out a team of young people to represent Sweden in the European championship in cyber defense.
Do you have feedback or thoughts about future blog articles? Get in contact with us at the e-mail address below.