In this TechTravelMonitor Executive Q&A, Takanori Nishiyama, SVP APAC and Japan Country Manager at Keeper Security, discusses the growing risks of supply chain breaches, their impact on organizations of all sizes, and the steps business leaders must take to build resilience.
Recent incidents like the Salesloft and Drift breaches show how vulnerable organizations can be through third-party apps. Why have supply chain integrations become such a prime target for attackers?
Nishiyama: Attackers know that trust is often the weakest link in cybersecurity. Third-party integrations are deeply embedded into business operations, yet they frequently carry persistent and overly broad permissions. Compromising a single connector can open the door to multiple systems without the need to breach a company’s core infrastructure. As organizations continue to expand their reliance on SaaS platforms, APIs and cloud services, the attack surface has widened dramatically. Supply chain compromises are particularly attractive because they allow attackers to scale – exploiting one weak link to impact dozens or even hundreds of downstream organizations.
You highlighted that micro, small, and medium-sized enterprises (MSMEs) in Asia-Pacific face the same level of risk as large enterprises but with fewer resources. What unique challenges do these smaller businesses face in securing their vendor ecosystems?
Nishiyama: Micro, Small and Medium-Sized Enterprises (MSMEs) are the backbone of the Asia-Pacific (APAC) economy, yet they often operate with lean security teams, smaller budgets and limited influence in vendor negotiations. Many rely heavily on managed service providers and lack the resources for continuous vendor risk assessments or real-time monitoring. This leaves hidden risks unaddressed. A single disruption, whether a supplier outage or a compromised integration, can cause outsized financial and reputational harm. In many cases, a single breach can force a company out of business.
You’ve stressed that supply chain security must be a board-level priority. What concrete steps should business leaders take right now to reduce their exposure to third-party breaches?
Nishiyama: Supply chain resilience must move beyond IT and into the boardroom. Business leaders should:
* Map their vendor ecosystem to understand which applications hold sensitive data or elevated access.
* Enforce the principle of least privilege, ensuring integrations and vendors only receive the minimum access needed.
* Require recognized certifications such as SOC 2 or ISO 27001 to ensure suppliers maintain strong security practices.
* Conduct regular reviews and audits, especially of high-risk vendors.
* Establish incident response protocols so vendor access can be revoked immediately to minimize disruption.
This proactive, risk-based approach not only reduces exposure but also strengthens trust with customers and regulators.
Looking ahead, what role do zero-trust principles, privileged access management, and continuous monitoring play in helping APAC organizations build resilience against future supply chain attacks?
Nishiyama: Zero-trust provides the foundation: never assume trust, always verify. Privileged Access Management (PAM) operationalizes this by ensuring elevated credentials are only granted when absolutely necessary and revoked immediately after use. This greatly reduces the attack surface and prevents lateral movement if the attacker does successfully gain access. Continuous monitoring delivers visibility into how third-party integrations and privileged accounts are being used day to day, flagging anomalies before they escalate into major incidents. When combined with zero-knowledge encryption and strong credential stewardship, these practices form a modern blueprint for protecting organizations across APAC against evolving supply chain threats.