June 24, 2025

Securing the Software Supply Chain

17 minutes

Navigating Modern Cybersecurity: From Supply Chain Risks to AI Evolution. In this episode of ⁠Data Security Decoded⁠, ⁠Allison Wikoff⁠, a 20-year veteran in information security and threat intelligence, explores current cybersecurity challenges, emerging threats, and practical defensive strategies for organizations of all sizes.

What You'll Learn:

How to prioritize vulnerability management by focusing on critical edge devices and access points

Why understanding your network architecture is crucial for effective threat defense

The reality of AI in cyber attacks: current uses, limitations, and practical defense strategies

How to build supply chain resilience through vendor assessment and backup supplier planning

Why older vulnerabilities remain a primary attack vector and how to address them effectively

The framework for developing an actionable threat profile tailored to your organization's needs

Key Insights:

Threat actors increasingly target known vulnerabilities over sophisticated zero-day exploits

Supply chain security requires understanding vendor access levels and maintaining secondary suppliers

AI adoption in cyber attacks remains focused on basic tasks like improving phishing emails and code generation

Organizations should prioritize patching vulnerabilities in edge devices like VPNs and WAFs

Building an effective security strategy starts with understanding your organization's specific threat profile

Partnering with vendors and suppliers can help smaller organizations enhance their security capabilities

Highlights:

[00:00:00] Vulnerability Exploitation Trends

Allison Wikoff reveals that vulnerability exploitation has become a dominant attack vector across both criminal and state-sponsored threat actors. The shift marks a departure from traditional assumptions that mainly espionage-focused groups leveraged vulnerabilities.

[04:30] Supply Chain Security Essentials

Wikoff emphasizes that modern supply chain security requires looking beyond just your own organization's defenses. Organizations must thoroughly understand their vendors' access levels and potential impact on operations.

[07:23] AI in Cybersecurity: Reality vs Hype

Tolin shares that while AI adoption by threat actors is increasing, it hasn't revolutionized attack tactics as many feared. Current AI usage focuses mainly on improving phishing email quality and assisting with malware code generation.

[14:08] Threat Profile Development

Tolin advocates for organizations to start by understanding what assets would interest attackers rather than chasing every new threat. The rapidly changing threat landscape makes it impossible to defend against everything, requiring a focused approach based on your specific risk profile.

Episode Resources:

Caleb Tolin on LinkedIn

Allison Wikoff on LinkedIn

PwC website

PwC - Year in Retrospect Report 2024

Rubrik Zero Labs website

...more