Supply Chain Attack Definition: An attack aimed at compromising a vendor, partner, or external service to infiltrate a target’s network or systems indirectly.
A Supply Chain Attack targets the less-secure elements in your supply network to ultimately compromise your organization. Rather than attacking your fortress directly, attackers go after the vendors, suppliers, or software developers you trust. The SolarWinds hack perfectly illustrates this: attackers compromised the software development environment and inserted malicious code into a legitimate software update, which was then distributed to thousands of organizations that trusted the source. These attacks are so dangerous because they exploit trusted relationships and bypass most security controls. They're also increasing in frequency as attackers realize it's often easier to compromise one supplier than to directly attack hundreds of well-defended targets. Defending against them requires rigorous vendor security assessments, software composition analysis, and operating under the assumption that even trusted components might be compromised.