October - Security Awareness month: Supply chain


What is a Supply Chain? There are different ways to explain it, but to keep it short: "A supply chain consists of all parties that are involved, directly or indirectly, in fulfilling your services or delivering your products."

A supply chain attack is very lucrative for attackers: instead of compromising each target separately, they only have to compromise one supplier, and in doing so they often bypass the better-secured environments of all that supplier's customers.

To cite two recent real-life examples:

Kaseya

This company was compromised through a zero-day vulnerability. ICT companies used this supplier's software to remotely manage the computer systems and servers of their customers, so the attackers had access to all those servers at once.

SolarWinds

This IT monitoring and management software company was hacked, affecting thousands of companies and government agencies worldwide. In fact, this was one of the biggest hacks in history.

There are many more examples, but they all show how important your supply chain is. And this is not only IT related, of course; it concerns everything you deliver. How dependent are you on your suppliers, and do you have a backup plan? It is always good for an entrepreneur to include this in their strategy.

Since the writing space in these LinkedIn posts is always limited, and I also like to hear from professionals how they deal with such a risk, I am curious what solutions you have to be better prepared for a supply chain attack. Just a few terms for inspiration:

- PAM framework

- SBOM

- ISMS

- Lateral movement

- Zero Trust, monitoring

- IAM

- Encryption

- Patching

- Identify data breaches at your own suppliers