Video

How Companies Can Secure Supply Chain Amid Surge in Attacks

Sunari Dandeniya, CISO, Commercial Bank of Ceylon Sri Lanka, on Minimizing Supply Chain Attacks Shipra Malhotra (@shipramalhotra) • March 23, 2023    
Sunari Dandeniya, CISO, Commercial Bank of Ceylon PLC, Sri Lanka

Cybercriminals are increasingly targeting software supply chains to carry out data breaches, causing organizations to remain vigilant. However, according to Sunari Dandeniya, CISO of Commercial Bank of Ceylon, simply extending existing risk management efforts is insufficient. Instead, she emphasizes the need for actively monitoring inventory and conducting regular risk assessments, particularly when granting access.

See Also: Unlocking Seamless SD-WAN Deployments

According to Gartner, by 2025, at least 45% of organizations globally will have experienced attacks on their software supply chain, a three-fold increase from 2021. "Continuous assessment of inventory and risks can be the key to managing supplier risks," Dandeniya says.

Companies often focus on supply chain risks only during onboarding and while implementing standard due diligence, neglecting information security risks. To effectively manage supplier risks, she recommends implementing proper checks and balances on information security from the outset and following up with continuous risk assessments.

In this video interview with Information Security Media Group, Dandeniya discusses:

  • Top cyberthreats;
  • Managing supply chain attacks;
  • Technologies in focus.

Dandeniya has nearly 20 years of experience in the information security space. In her role at Commercial Bank of Ceylon, she is responsible for the bank's IT and operational risk management. Her focus areas include information security, audit and risk management.

Previous
ChatGPT: The Good, the Bad and the Ugly
Next
How Toyota-Astra Motors Aims to Become a Data-Driven Organization

About the Author

Shipra Malhotra

Shipra Malhotra

Managing Editor, ISMG

Malhotra has more than two decades of experience in technology journalism and public relations. She writes about enterprise technology and security-related issues and has worked at Biztech2.com, Dataquest and The Indian Express.



Around the Network

Transforming a Cyber Program in the Aftermath of an Attack
Transforming a Cyber Program in the Aftermath of an Attack
Evolving Threats Facing Robotic and Other Medical Gear
Evolving Threats Facing Robotic and Other Medical Gear
How 'Security by Default' Boosts Health Sector Cybersecurity
How 'Security by Default' Boosts Health Sector Cybersecurity
Identity Security and How to Reduce Risk During M&A
Identity Security and How to Reduce Risk During M&A
Safeguarding Critical OT and IoT Gear Used in Healthcare
Safeguarding Critical OT and IoT Gear Used in Healthcare
Protecting Medical Devices Against Future Cyberthreats
Protecting Medical Devices Against Future Cyberthreats
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
Medical Device Cyberthreat Modeling: Top Considerations
Medical Device Cyberthreat Modeling: Top Considerations
Properly Vetting AI Before It's Deployed in Healthcare
Properly Vetting AI Before It's Deployed in Healthcare
Is It Generative AI's Fault, or Do We Blame Human Beings?
Is It Generative AI's Fault, or Do We Blame Human Beings?

Continue »

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing cio.inc, you agree to our use of cookies.