should be allowed on the network, in an application or on a system, without it first being tested on a sandbox. Having these management processes in place enables CISOs to control their organisation’ s environment and cover those vulnerabilities that otherwise creep in through the cracks.
Gianfranco Vinucci, COO at PCA Cyber Security:
One of the most overlooked cybersecurity risks organisations face is the growing reliance on embedded and connected technologies that fall outside the scope of traditional IT security programs. In the financial services sector, this includes payment terminals, ATMs, SoftPOS / MPoC solutions, authentication devices and the software supply chains that support them.
Many organisations assume these systems are secure because they have passed certification or compliance assessments. However, certification only represents a singular point in time, while cyberthreats evolve continuously. New vulnerabilities are discovered every day in operating systems, firmware, open-source components and third-party software. Without continuous visibility, organisations struggle to understand the potential impact of these vulnerabilities on their products and services
What makes this risk particularly significant is that embedded devices are often customer-facing. When a vulnerability is exploited, trust, brand reputation and potentially customer security are all on the line. Without continuous monitoring, underpinned by vulnerability intelligence and security testing, organisations can be the last to uncover security issues – and at risk of doing so too late.
The timing is particularly relevant as organisations prepare for the EU Cyber Resilience Act( CRA) coming into force. The regulation reflects a broader shift in cybersecurity expectations – from demonstrating compliance at static points in time to maintaining security throughout a product’ s lifecycle. Organisations that invest early in vulnerability intelligence, continuous monitoring, software transparency and product security validation will be far better positioned to reckon with the overlooked risk of embedded and connected dependencies and prosper.
Supply chain cybersecurity is all too often being overlooked by organisations.
WWW. INTELLIGENTCISO. COM / MIDDLE-EAST 27