Defending Against Open-Source Supply Chain Attacks

Steve King of CyberTheory on Getting Serious With Our Defense Strategy

Findings from CyberTheory’s 2021 Third Quarter Review indicate that criminals are exploiting the open-source supply chain, and that those exploits, in their complexity and depth, are proving much more difficult to identify, defend against and stop than anything we’ve seen before, says CyberTheory’s director, Steve King.

“We see that with the recent attacks on critical infrastructure with Colonial Pipeline, JBS and NEW Cooperative in Iowa, adversaries are ratcheting their game up to demonstrate their cybersecurity superiority in ways that we’re simply unable to defend against,” he says.

King advises organizations to “pump the brakes a bit and reset our architectural goals around a different way to construct our networks, a different way to rebuild our identity detection, authentication and proofing so that we can eliminate this excessive trust that is built into every one of our cyber defense systems.”

In a video interview with Information Security Media Group, King discusses:

  • Highlights from the research;
  • The rise of open-source supply chain attacks and what we can do to protect against them;
  • Predictions for 2022.

King is director of cybersecurity advisory services at Information Security Media Group. He has served in senior leadership roles in technology development for the past 19 years and has founded nine startups, including Endymion Systems and SeeCommerce. King has held leadership roles in marketing and product development, operating as CEO, CTO and CISO for several startups, including Netswitch Technology Management. He also served as CIO for Memorex, was the co-founder of the Cambridge Systems Group and has been granted numerous engineering patents.
