Supply chain vulnerabilities present a critical challenge to organizational security, especially in light of recent high-profile breaches impacting U.K. organizations. This session will shine a light on advanced strategies for securing supply chains and mitigating risk among third-party partnerships.

Recent incidents such as the 2024 breach of the U.K. Ministry of Defence, which involved a third-party payroll system managed by SSCL, highlight the significant risks posed by third-party software providers. This breach exposed the personal data of nearly 270,000 current and former staff, underscoring the necessity for rigorous supply chain security and the adoption of comprehensive risk management frameworks. Dom Lucas, head of security, British International Investment, and Brian Brackenborough, CISO, Channel 4, will provide practical insights into implementing robust security measures, conducting thorough risk assessments, and establishing resilient monitoring systems.

In this session, you will gain insights on:

• Proactive risk management: How to integrate comprehensive threat intelligence and adopt best practices for evaluating third-party vendors, drawing lessons from recent high-profile breaches
• Advanced security controls: Best practices for deploying security controls such as code signing, software integrity verification and secure boot mechanisms to safeguard supply chain components
• Continuous monitoring and incident response: Insights into setting up effective monitoring systems to detect signs of compromise or suspicious activity in the supply chain and develop robust incident response plans to mitigate the impact of breaches