Supply chain – Business as usual?

Reading time: 4 minutes

Category: Trends and Reports


Our growing dependence on third-party and open-source software can be compared to adding more spare keys to a growing number of doors. Each key, while making access easier and operations smoother, also increases the chances that a hacker might find one under the mat and gain unauthorized entry into our systems.

Matthijs Zwart is CIO and CISO at Vitens, the largest drinking water utility in the Netherlands. Vitens serves a third of the Dutch population with clean spring water, which is purified and distributed using 96 production facilities and over 55,000 km of pipeline. Vitens is aiming to become fully data-driven while remaining people-focused, and Matthijs plays a leading role in this transformation.

In this ‘Supply chain – Business as usual?’ episode of Threat Talks, Lieuwe Jan Koning and Luca Cipriano dive into the escalating risk of supply chain attacks amid growing reliance on third-party and open-source software. Featuring insights from Matthijs Zwart, CIO and CISO of Vitens, the discussion explores the implications of these threats in critical sectors like water supply.

The discussion extends beyond identifying the issue to emphasize proactive defense strategies. You’ll learn about the role of endpoint detection and response (EDR) software, well-defined network firewall rules, and continuous monitoring of account sessions to detect and stop unauthorized access.

Are you safeguarding your digital ‘spare keys’? Are you aware of how secure your business partners are?

To navigate the maze of supply chain cybersecurity, and to understand the shared responsibility in fending off these covert infiltrations, don’t miss our insightful episode of Threat Talks – ‘Supply Chain: Business as usual?’ for a comprehensive breakdown of supply chain attacks and defense strategies.

P.S. Think you can spot the secret code in this episode? Join the treasure hunt, submit the code and win your very own Threat Talks t-shirt!

Want to find out more about the specifics of the threats mentioned in this Threat Talks episode? Join us for our deep dives, where we highlight three of the most recent and relevant supply chain threats and take a much more technical look at the how and what of these attacks. 

SolarWinds

Dive into the details of the SolarWinds supply chain attack with this deep dive episode of Threat Talks. Explore how roughly 18,000 organizations, including US government agencies and Fortune 500 companies, installed a trojanized Orion update carrying the Sunburst backdoor.

The malware was built for stealth: it lay dormant after installation and only ran its payload once specific environment checks passed, so as to avoid analysis sandboxes and security tooling. Its evasion techniques, including checks for and the disabling of security software, highlight the advanced nature of this threat.

How prepared is your organization to thwart these sophisticated attacks?

Learn from experts Lieuwe Jan Koning, Rob Maas and Luca Cipriano about the attack’s mechanisms, the importance of a Zero Trust strategy, and how to mitigate such risks.

Log4j

Lieuwe Jan Koning, Rob Maas and Luca Cipriano dive into the heart of the Log4j vulnerability, unearthing how a seemingly innocuous Java library became a global cybersecurity concern overnight. The conversation sheds light on the initial panic that ensued and the rapid response efforts that followed.

The discussion progresses to examine the broader implications of supply chain vulnerabilities, with Log4j serving as a stark reminder of the interconnectedness of modern software ecosystems. Insights are shared on the collaborative efforts within the open-source community and among cybersecurity professionals to address these pervasive risks.

How can companies and developers better prepare themselves to prevent or swiftly respond to similar vulnerabilities in the future?

This episode poses fundamental questions about the future of cybersecurity in an increasingly interconnected digital landscape. To discover the insights and solutions proposed by our experts, tune in to this enlightening deep dive into Log4j.

MOVEit

This episode focuses on 2023’s largest data breach, a supply chain attack orchestrated by the Cl0p ransomware group through the MOVEit Transfer file-transfer software. It affected over 60 million people and involved a zero-day SQL injection that enabled the installation of a webshell, LemurLoot, leading to significant data theft from U.S. federal agencies and critical infrastructure operators.

Despite robust certifications and security measures, the attackers managed to bypass these defenses, highlighting the challenges in fully mitigating such risks. They exploited the SQL injection flaw to read, add, modify, or remove data and ultimately to execute code remotely, demonstrating the sophisticated capabilities of modern cybercriminals.
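As an added illustration of the bug class described above (example code written for this page, not MOVEit Transfer’s code and not the actual exploit), the snippet below puts a vulnerable query next to its parameterized form, using Python’s sqlite3 against a small constructed table. The stacked-statement variant uses executescript to stand in for database drivers that accept several statements in one call, since sqlite3’s execute() refuses that; the table, column names and payloads are all constructed for the demonstration.

```python
import sqlite3

# Constructed sample schema for the demonstration (not MOVEit's schema).
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, "
        "display_name TEXT, is_admin INTEGER)"
    )
    conn.executemany(
        "INSERT INTO users (username, display_name, is_admin) VALUES (?, ?, ?)",
        [("alice", "Alice", 0), ("bob", "Bob", 0), ("root", "Root", 1)],
    )
    conn.commit()
    return conn

# Deliberately vulnerable: attacker-controlled input is concatenated into SQL,
# so a payload such as  ' OR '1'='1  rewrites the WHERE clause and reads every row.
def lookup_vulnerable(conn, username):
    sql = f"SELECT username, is_admin FROM users WHERE username = '{username}'"
    return conn.execute(sql).fetchall()

# Hardened: the value is bound as a parameter and can never become SQL syntax.
def lookup_safe(conn, username):
    return conn.execute(
        "SELECT username, is_admin FROM users WHERE username = ?", (username,)
    ).fetchall()

# Deliberately vulnerable write path. executescript() mimics drivers that run
# stacked statements, so a payload can append its own UPDATE (privilege change).
def update_display_name_vulnerable(conn, username, display_name):
    conn.executescript(
        f"UPDATE users SET display_name = '{display_name}' "
        f"WHERE username = '{username}'"
    )

# Hardened write path: both values are bound, so the payload is stored literally.
def update_display_name_safe(conn, username, display_name):
    conn.execute(
        "UPDATE users SET display_name = ? WHERE username = ?",
        (display_name, username),
    )
    conn.commit()

def is_admin(conn, username):
    row = conn.execute(
        "SELECT is_admin FROM users WHERE username = ?", (username,)
    ).fetchone()
    return row[0] if row else None

def display_name(conn, username):
    row = conn.execute(
        "SELECT display_name FROM users WHERE username = ?", (username,)
    ).fetchone()
    return row[0] if row else None

# Constructed payloads: one widens a read, the other stacks a privilege escalation.
READ_PAYLOAD = "' OR '1'='1"
WRITE_PAYLOAD = "x'; UPDATE users SET is_admin = 1 WHERE username = 'alice'; --"

def demo():
    vuln = make_db()
    safe = make_db()
    result = {
        "vulnerable_read_rows": len(lookup_vulnerable(vuln, READ_PAYLOAD)),
        "safe_read_rows": len(lookup_safe(safe, READ_PAYLOAD)),
    }
    update_display_name_vulnerable(vuln, "alice", WRITE_PAYLOAD)
    update_display_name_safe(safe, "alice", WRITE_PAYLOAD)
    result["vulnerable_alice_admin"] = is_admin(vuln, "alice")
    result["safe_alice_admin"] = is_admin(safe, "alice")
    result["safe_alice_display_name"] = display_name(safe, "alice")
    return result

if __name__ == "__main__":
    print(demo())
```

Running the block prints three rows leaking from the vulnerable read against none from the parameterized one, and shows alice promoted to admin only through the vulnerable write path; the hardened path stores the payload as an ordinary string.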

This episode’s discussion will also touch on the implications of these breaches for data sharing practices, the importance of encryption, and the evolving regulatory landscape aimed at enhancing interoperability among digital platforms in the EU and beyond.

Follow our Threat Talks podcast

Stay up to date with the latest developments in the world of cybersecurity! Alongside industry experts, we explore recent cyber threats, what their impact was and how to prevent these threats in the future.