Why SBOMs are mission critical

Issue 4 2022 Cyber Security

Zero Trust and Software Bill of Materials (SBOM) are mission-critical components of today’s cybersecurity. That’s why Hikvision has released a new technology white paper, ‘Securing the Software Supply Chain: SBOMs to Protect Your Organisation’.

Technological innovation impacts our daily lives, and although it provides increased accessibility, efficiency and mobility, it also brings challenges for businesses and developers in mitigating dangerous cybersecurity and data privacy risks. Software supply chains are especially vulnerable since they host a large network of retailers, distributors and manufacturers, which creates a higher risk margin of safety and a downstream effect with repercussions for stakeholders.

Supply chain threats can take many forms, such as malware embedded in software updates, flaws found in open-source code or malicious software signed with a stolen code-signing certificate. These kinds of attacks happen so often that we need ways of not only preventing the attacks but also ways to quickly respond to them.

Zero Trust is a strategic architecture developed to prevent data breaches by eliminating the concept of trust from an organisation’s network, specifically automatic trust. In a Zero Trust framework, every user must request privileged access each time they need access to the system. In an effort to achieve a Zero Trust security posture, organisations are implementing a Software Bill of Materials (SBOM) to further enable transparency into their software components and providers.

Ultimately, maintaining an SBOM, a formal record of software containing details and supply chain relationships of various components used in building software, is critical for organisations to improve their security models and mitigate supply chain disruption.

The increased transparency SBOMs inherently possess enables an accelerated assessment of risks, vulnerabilities and dependencies in software. In the case of a crisis, like the recent Log4j vulnerability, SBOMs help organisations quickly identify active issues and minimise potential financial risks, damages to reputation and loss of productivity. Additionally, SBOMs help achieve compliance with government regulations and foster trust with customers.

When organisations properly deploy and manage SBOMs, they receive a 360-degree view of risk exposures, sometimes before threats are even active. This full-circle perspective provides valuable insight into components that might previously have required a degree of trust that could now be eliminated. After all, businesses cannot afford to be slack on security. In September 2021, the number of data breaches had already exceeded the number of events in all of 2020. Enabling a Zero Trust framework embedded with SBOMs makes technology safer throughout each segment of the supply chain lifecycle.

To learn more, download a copy of the new white paper Securing the Software Supply Chain: SBOMs to Protect Your Organisation at https://info.hikvision.com/hikvision-sbom-white-paper


Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Managing data privacy concerns when moving to the cloud
Cyber Security
While the cloud offers many business benefits, it can also raise concerns around compliance, and some organisations have taken the approach of staying out of the cloud for this reason.

Accelerating your Zero Trust journey in manufacturing
IT infrastructure Cyber Security Industrial (Industry)
Francois van Hirtum, CTO of Obscure Technologies, advises manufacturers on a strategic approach to safeguarding their businesses against cyber breaches.

The democratisation of threats
Cyber Security
Bugcrowd looks at some of the primary vulnerabilities the world faced in 2021, and the risks moving forward with growing attack surfaces and lucrative returns on crime.

Protecting yourself from DDoS attacks
Cyber Security Security Services & Risk Management
A DDoS attack, when an attacker floods a server or network with Internet traffic to prevent users from accessing connected online services, can be costly in both earnings and reputation.

Exploiting Android accessibility services
Cyber Security
Pradeo Security recently neutralised an application using Android accessibility services that exploits the permission to perform fraudulent banking transactions.

Cyber resilience is more than cybersecurity
Technews Publishing Editor's Choice Cyber Security Integrated Solutions IT infrastructure
Hi-Tech Security Solutions held a round-table discussion focusing on cyber resilience and found that while the resilience discipline includes cybersecurity, it also goes much further.

Keeping devices in check
Cyber Security Asset Management, EAS, RFID IT infrastructure
Kaspersky patents new technology for analysing relationships between electronic devices to counter cyberattacks launched through connected IoT devices.

Hikvision unveils first ‘True 8K’ NVRs
Hikvision South Africa CCTV, Surveillance & Remote Monitoring Products
The new M-Series NVRs can be used with a host of Hikvision cameras, and are ideal for environments where a wide field of view and extremely high image resolution are needed.

Considering cloud downtime insurance?
Arcserve Southern Africa Cyber Security IT infrastructure Security Services & Risk Management
Byron Horn-Botha, business unit head, Arcserve Southern Africa, reveals three vital steps that you must consider to ensure business continuity before you buy insurance.

A robust OT cybersecurity strategy
Editor's Choice Cyber Security IT infrastructure Industrial (Industry)
Cyber experts are still struggling to convince senior management to spend money to protect their control system assets, resulting in a lack of even basic measures to protect control systems.