Why SBOMs are mission critical

Issue 4 2022 Information Security

Zero Trust and Software Bill of Materials (SBOM) are mission-critical components of today’s cybersecurity. That’s why Hikvision has released a new technology white paper, ‘Securing the Software Supply Chain: SBOMs to Protect Your Organisation’.

Technological innovation impacts our daily lives, and although it provides increased accessibility, efficiency and mobility, it also brings challenges for businesses and developers in mitigating dangerous cybersecurity and data privacy risks. Software supply chains are especially vulnerable since they host a large network of retailers, distributors and manufacturers, which creates a higher risk margin of safety and a downstream effect with repercussions for stakeholders.

Supply chain threats can take many forms, such as malware embedded in software updates, flaws found in open-source code or malicious software signed with a stolen code-signing certificate. These kinds of attacks happen so often that we need ways of not only preventing the attacks but also ways to quickly respond to them.

Zero Trust is a strategic architecture developed to prevent data breaches by eliminating the concept of trust from an organisation’s network, specifically automatic trust. In a Zero Trust framework, every user must request privileged access each time they need access to the system. In an effort to achieve a Zero Trust security posture, organisations are implementing a Software Bill of Materials (SBOM) to further enable transparency into their software components and providers.

Ultimately, maintaining an SBOM, a formal record of software containing details and supply chain relationships of various components used in building software, is critical for organisations to improve their security models and mitigate supply chain disruption.

The increased transparency SBOMs inherently possess enables an accelerated assessment of risks, vulnerabilities and dependencies in software. In the case of a crisis, like the recent Log4j vulnerability, SBOMs help organisations quickly identify active issues and minimise potential financial risks, damages to reputation and loss of productivity. Additionally, SBOMs help achieve compliance with government regulations and foster trust with customers.

When organisations properly deploy and manage SBOMs, they receive a 360-degree view of risk exposures, sometimes before threats are even active. This full-circle perspective provides valuable insight into components that might previously have required a degree of trust that could now be eliminated. After all, businesses cannot afford to be slack on security. In September 2021, the number of data breaches had already exceeded the number of events in all of 2020. Enabling a Zero Trust framework embedded with SBOMs makes technology safer throughout each segment of the supply chain lifecycle.

To learn more, download a copy of the new white paper Securing the Software Supply Chain: SBOMs to Protect Your Organisation at https://info.hikvision.com/hikvision-sbom-white-paper


Credit(s)




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Highest increase in global cyberattacks in two years
Information Security News & Events
Check Point Global Research released new data on Q2 2024 cyber-attack trends, noting a 30% global increase in Q2 2024, with Africa experiencing the highest average weekly per organisation.

Read more...
Hikvision launches latest range of cameras
Hikvision South Africa Surveillance AI & Data Analytics
Hikvision has launched its latest network cameras with ColorVu 3.0 technology and EasyIP 4.0 Plus, which elevate video security by delivering improved image quality, enhanced intelligent functions, superior audio capabilities, and a refined product design and materials.

Read more...
Are we over the edge?
SMART Security Solutions Axis Communications SA Hikvision South Africa IoT & Automation
SMART Security Solutions speaks to Axis Communications and Hikvision to learn what is happening on the edge of surveillance solutions. Is everything now in the cloud, or are edge devices still in demand?

Read more...
What does Agentic AI mean for cybersecurity?
Information Security AI & Data Analytics
AI agents will change how we work by scheduling meetings on our behalf and even managing supply chain items. However, without adequate protection, they become soft targets for criminals.

Read more...
Phishing attacks through SVG image files
Kaspersky News & Events Information Security
Kaspersky has detected a new trend: attackers are distributing phishing emails to individual and corporate users with attachments in SVG (Scalable Vector Graphics) files, a format commonly used for storing images.

Read more...
Crypto in SA: between progress and precaution
Information Security
“As cryptocurrency gains momentum and legitimacy, it’s becoming increasingly important for people to pay attention to financial security”, says Richard Frost, head of technology and innovation at Armata Cyber Security.

Read more...
Cyber recovery requires a different approach to disaster recovery
Information Security
Disaster recovery is about getting operations back on track after unexpected disruptions; cyber recovery, however, is about calculated actions by bad actors aiming to disrupt your business, steal sensitive data, or hold your system hostage.

Read more...
MDR users claim 97,5% less
Sophos Information Security
The average cyber insurance claim following a significant cyberattack is just $75 000 for MDR users, compared with $3 million for endpoint-only users, according to a new independent study.

Read more...
The impact of GenAI on cybersecurity
Sophos News & Events Information Security
Sophos survey finds that 89% of IT leaders worry GenAI flaws could negatively impact their organisation’s cybersecurity strategies, with 87% of respondents stating they were concerned about a resulting lack of cybersecurity accountability.

Read more...
Efficient, future-proof estate security and management
Technews Publishing ElementC Solutions Duxbury Networking Fang Fences & Guards Secutel Technologies OneSpace Technologies DeepAlert SMART Security Solutions Editor's Choice Information Security Security Services & Risk Management Residential Estate (Industry) AI & Data Analytics IoT & Automation
In February this year, SMART Security Solutions travelled to Cape Town to experience the unbelievable experience of a city where potholes are fixed, and traffic lights work; and to host the Cape Town SMART Estate Security Conference 2025.

Read more...