30-Mar-21 3 Supply Chain Attacks that Wreaked Havoc (Not Named SolarWinds)
IF YOU'D LIKE TO JOIN LIVE AND/OR GET A COPY OF THE RECORDING, MAKE SURE TO REGISTER HERE (NOT JUST ON MU): https://cycode.com/3-supply-chain-attacks Tue, March 30,[masked]:00 AM - 11:00 AM PST 3 Supply Chain Attacks that Wreaked Havoc (Not Named SolarWinds) Supply chain attacks are on the rise. SolarWinds gets all the attention, but supply chain attacks are not new. This webinar will cover 3 other supply chain attacks from 2020 that also wreaked havoc on their victims. As directly attacking applications has become more difficult, attackers have turned their attention to indirect attacks that target their victims' supply chain. In other words, many attackers now attack the tools that are used to build products and services rather than the product or services themselves. Software customers and software vendors have different responsibilities to protect against Supply Chain Attacks, but responsibility for both falls on the CISO. In this webinar, we will discuss what a supply chain attack is based on real-life examples. We will review how and when various supply chain attacks have been executed and what we can learn from them. Attendees will learn actionable steps from each supply chain attack to reduce their exposure, including: • Secure development best practices • Applying least privilege policies in the dev environment • Hardening authentication • Infrastructure-as-code best practices.