3rd Party Risk Management , Fraud Management & Cybercrime , Geo Focus: Asia

Improving the Response to Supply Chain Attacks

Palo Alto Networks' Sean Duca Says Education Helps But Better Planning Is Needed
Sean Duca, vice president and regional chief security officer, Asia-Pacific and Japan, Palo Alto Networks, and CyberEdBoard executive member

Response to supply chain attacks has evolved due to increased awareness and education, but more work needs to be done to understand how challenges can be addressed more systematically, says Sean Duca, vice president and regional chief security officer, Asia-Pacific and Japan, Palo Alto Networks.

See Also: Bank on Seeing More Targeted Attacks on Financial Services

"I talk to organizations across the region and I see varying levels of maturity in terms of their level of understanding," Duca says. "Every cybersecurity agency in Singapore is actively talking about it." He says agencies in other parts of the world "are also thinking about it and trying to roll out plans and programs to address some of these supply chain problems."

The biggest vulnerability for organizations is around software that exists inside their environment but is not being used, according to Duca. "Asset inventory around the types of applications that are actually being used is not … in place. So the foremost thing is to identify your assets," he says.

Duca also says most organizations have a low awareness of whether problems exist. "Do we actually have visibility and an understanding of those challenges?" he asks. "Could we mitigate and do we have a plan or some response in place?"

In this video interview with Information Security Media Group, Duca also discusses:

  • Shifting left to consider security during the design and build phases;
  • The impact of supply chain attacks on critical infrastructure;
  • Risks posed to Singapore's digital supply chain - and what is being done about them.

Duca spearheads the development of thought leadership, threat intelligence and security best practices for the cybersecurity community and business executives. He has more than 20 years of experience in the IT security industry and advises organizations across the region, helping them improve their security postures and align security strategically with business initiatives.


About the Author

Brian Pereira

Brian Pereira

Sr. Director - Editorial, ISMG

Pereira has nearly three decades of journalism experience. He is the former editor of CHIP, InformationWeek and CISO MAG. He has also written for The Times of India and The Indian Express.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.asia, you agree to our use of cookies.