On-Demand Webinar

How can internal audit react to the advanced persistent threat of supply chain attacks?


In mid-December, cyberhacks via third-party software were discovered to have affected many government and enterprise organizations. Dubbed by the CISA (Cybersecurity & Infrastructure Security Agency) as an "advanced persistent threat," these recent attacks are an inflection point. Every organization may be asymptomatically affected. CISOs—who were already stretched thin—now face the daunting task of detecting and addressing potential unauthorized use of valid accounts.

Supply chain attacks prove that an organization’s security is only as strong as its weakest provider.

As an auditor, you can no longer delegate addressing these risks to information security or third-party risk teams—you need to be an active participant. In this webinar, we will discuss what supply chain attacks are, and how audit teams should respond to strengthen internal controls around these advanced persistent threats.

By the end of this session, you'll be able to:

  • Describe what a supply chain attack is, and why it can be so difficult to detect
  • List 3 methods attackers use to execute a supply chain attack
  • Collaborate effectively with information security and third-party risk teams to address this ongoing threat
  • Add specific procedures to your audit program to reduce your organization's exposure to these risks
  • Acquire tools and techniques for detecting and addressing the risk and fallout of recent cyber attacks

Phil Lim

Senior Product Manager, Galvanize

Phil Lim is a senior product manager at Galvanize. He has eleven years of experience advising audit, risk, compliance, and finance teams of Fortune 500 organizations as well as all levels of government. Phil has deep experience implementing programs aimed at monitoring for anti-bribery, data privacy, and fraud, waste, and abuse risk.

Vignesh Selvam

Product Manager, Galvanize

Vignesh Selvam has over 8 years of experience in Product and Analyst roles across IT security and analytics. At Galvanize, he is a Product Manager and is primarily responsible for understanding customer needs in terms of IT Risk and prioritizing the roadmap for the IT Risk management products.