Over the last decade, software supply chain attacks have become increasingly sophisticated and more damaging.
Despite this, today’s technology vendors and buyers are completely unprepared to cope with software supply chain attacks. Even global giants Microsoft and VMware were unable to prevent infiltration of their infrastructure in last year’s attack, which targeted multiple branches of the U.S. federal government.
But how did we get to this point… and why are organizations across all industries seemingly powerless to protect themselves against software supply chain attacks?
Why Attack the Software Supply Chain?
The first thing to understand is the role of software in supply chain attacks.
Most of the high-profile attacks seen in recent years have initially targeted one or more software vendors that sell to the ultimate target. For instance, while the primary targets in last year’s attacks were federal agencies, the actors responsible initially focused on compromising software