Why SBOMs are mission critical

Issue 4 2022 Information Security

Zero Trust and Software Bill of Materials (SBOM) are mission-critical components of today’s cybersecurity. That’s why Hikvision has released a new technology white paper, ‘Securing the Software Supply Chain: SBOMs to Protect Your Organisation’.

Technological innovation impacts our daily lives, and although it provides increased accessibility, efficiency and mobility, it also brings challenges for businesses and developers in mitigating dangerous cybersecurity and data privacy risks. Software supply chains are especially vulnerable since they host a large network of retailers, distributors and manufacturers, which creates a higher risk margin of safety and a downstream effect with repercussions for stakeholders.

Supply chain threats can take many forms, such as malware embedded in software updates, flaws found in open-source code or malicious software signed with a stolen code-signing certificate. These kinds of attacks happen so often that we need ways of not only preventing the attacks but also ways to quickly respond to them.

Zero Trust is a strategic architecture developed to prevent data breaches by eliminating the concept of trust from an organisation’s network, specifically automatic trust. In a Zero Trust framework, every user must request privileged access each time they need access to the system. In an effort to achieve a Zero Trust security posture, organisations are implementing a Software Bill of Materials (SBOM) to further enable transparency into their software components and providers.

Ultimately, maintaining an SBOM, a formal record of software containing details and supply chain relationships of various components used in building software, is critical for organisations to improve their security models and mitigate supply chain disruption.

The increased transparency SBOMs inherently possess enables an accelerated assessment of risks, vulnerabilities and dependencies in software. In the case of a crisis, like the recent Log4j vulnerability, SBOMs help organisations quickly identify active issues and minimise potential financial risks, damages to reputation and loss of productivity. Additionally, SBOMs help achieve compliance with government regulations and foster trust with customers.

When organisations properly deploy and manage SBOMs, they receive a 360-degree view of risk exposures, sometimes before threats are even active. This full-circle perspective provides valuable insight into components that might previously have required a degree of trust that could now be eliminated. After all, businesses cannot afford to be slack on security. In September 2021, the number of data breaches had already exceeded the number of events in all of 2020. Enabling a Zero Trust framework embedded with SBOMs makes technology safer throughout each segment of the supply chain lifecycle.

To learn more, download a copy of the new white paper Securing the Software Supply Chain: SBOMs to Protect Your Organisation at https://info.hikvision.com/hikvision-sbom-white-paper


Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Access & identity expectations for 2024
Technews Publishing IDEMIA ZKTeco Gallagher Salto Systems Africa Regal Distributors SA Reditron Editor's Choice Access Control & Identity Management Information Security AI & Data Analytics
What does 2024 have in store for the access and identity industry? SMART Security Solutions asked several industry players for their brief thoughts on what they expect this year.

Prepare for cyber-physical attacks
Gallagher Information Security Access Control & Identity Management
As the security landscape continues to evolve, organisations must fortify their security solutions to embrace the changing needs of the security and technology industries. Nowhere is this more present than with regard to cybersecurity.

Zero Trust and user fatigue
Access Control & Identity Management Information Security
Paul Meyer, Security Solutions Executive, iOCO OpenText, says implementing Zero Trust and enforcing it can create user fatigue, which only leads to carelessness and a couldn’t care attitude.

Passwordless, unphishable web browsers
Access Control & Identity Management Information Security
Passkey technology is proving to be an easily deployed way to bring unphishable, biometric-based security to browsers; making identification and authentication much more secure and reliable for all parties.

Time is of the essence
Information Security
Ransomware attacks are becoming increasingly common. Yet, many individuals and organisations still lack a clear understanding of how these attacks occur and what can be done to secure their data.

Hik-Connect for Teams released
Hikvision South Africa Products & Solutions Surveillance
Hikvision has released an update for its security management platform; Hik-Connect for Teams not only meets the specific needs of individual users, but also caters to various medium-sized businesses (SMBs) and multi-site management scenarios.

All aspects of data protection
Technews Publishing Editor's Choice Information Security Infrastructure AI & Data Analytics
SMART Security Solutions spoke to Kate Mollett, Senior Director, Commvault Africa, about the company and its evolution from a backup specialist to a full data protection specialist, as well as the latest announcements from the company.

The song remains the same
Sophos Information Security
Sophos report found that telemetry logs were missing in nearly 42% of the attack cases studied. In 82% of these cases, cybercriminals disabled or wiped out the telemetry to hide their tracks.

How hackers exploit our vulnerabilities
Information Security Risk Management & Resilience
Distractions, multi-tasking, and emotional responses increase individuals’ vulnerability to social engineering, manipulation, and various forms of digital attacks; 74% of all data breaches included a human element.

Projections for 2024’s Advanced Threats Landscape
News & Events Information Security
Kaspersky Global Research and Analysis Team (GReAT) experts offer insights and projections for 2024 in the Kaspersky Security Bulletin, with a focus on the evolution of Advanced Persistent Threats (APT).