Managed Service Providers: a target of choice for supply chain attacks?
Moderator: Irfan Hemani, Deputy Director for Cyber Security, Department for Digital, Culture, Media and Sport (DCMS), United Kingdom
John Watters, President, FireEye
Udi Mokady, Co-Founder, Chairman & CEO, CyberArk
Recent cyber-attacks such as SolarWinds have shown how malicious actors increasingly leverage vulnerabilities in supply chains to reach their ultimate targets. Such supply-chain attacks may involve managed service providers (MSPs), i.e. specialist firms that provide services such as network management or digital security. As they typically have privileged access to their customers’ information systems, MSPs can be used as a powerful attack vector. Given that MSPs often have a multitude of customers, including across borders, a security breach in an MSP can have significant consequences for a large number of businesses and public sector organisations globally.