Governmental and industrial supply chain networks have been shaken to their core by the recent Sunburst and Supernova cyberattacks, and cybersecurity companies and service providers need to up their game to avoid future calamities.
Pandora’s Box
- Entire ecosystems have been made exponentially vulnerable as a result of the success of these two attacks. Sunburst and Supernova have provided proof of concept for supply chain attacks, which will give APT (advanced persistent threat) groups, state actors and organized cybercrime attackers a blueprint for launching other successful cyberattacks on supply chain links offered by the cybersecurity industry, while creating the impetus for one-upmanship in the highly competitive landscape of the Dark Web.
- From a cyberattacker’s view, breaking a single vendor’s product provides access to highly critical infrastructure and the opportunity to subsequently build backdoors.
- Increasing efforts to identify weak links in the supply chain, designed to compromise cybersecurity vendors.
Cyber-security is complex
Cyber-security is far too complex for any single company or vendor to be able to cover every eventuality. In our connected world, managing the threat landscape to ensure the continuity of business functions and provide business stability to stakeholders demands the collaborative efforts of cyber-security experts, solutions and services. Cyber-security has become a collaborative challenge. Even before Sunburst and Supernova, no organisation, not even those in the cyber-security vertical, should be exempt from deploying the highest degree of security standards and quality management protocols to their infrastructure.
From our founding, asvin has taken a holistic approach to security policies and procedures. As a provider of IoT and IIoT cyber-security, patch and update management solutions and services, we recognise that we are a target at the same time as we maintain a critical role in the cyber-security supply chain. It doesn’t matter if a business is a startup or an established cyber-security enterprise: what we do demands earning and maintaining trust and providing a portfolio of products and services which are designed to mitigate cyber-risk. Even cyber-security companies need to continuously improve their own security standards and quality management through collaboration with experts in building a trustworthy supply chain.
Key Takeaways from asvin
- Resilient application architectures: asvin is built on decentralized technologies. A decentralized architecture such as asvin’s offers a far higher degree of protection against malicious attacks than the traditional centralized IoT management systems used in industry. DLT provides an outstanding advantage to asvin’s platform and services.
- External assessment of our software architecture, deployment procedures and organization-wide cybersecurity processes: we have contacted KPMG’s Cybersecurity to continue these assessments in 2021.
- Penetration testing by White Hat hackers to identify vulnerabilities so they may be closed. asvin’s external penetration testing will continue in 2021 with external partners like Trigyn Technologies.
- Continuous security training and learning: An aware staff is far less likely to make very human errors and serves as the first line of defense against cyberattack. In 2021 we will continue to provide cyber-attack prevention training.