In recent articles, we’ve argued that software supply chain attacks are among the most serious cyber threats of our time—and given recommendations for how regulators could help solve the problem.
But how much of a threat do software supply chain attacks really pose to the U.S.?
What is a Software Supply Chain Attack?
To quickly recap—in a software supply chain attack, a hacking group infiltrates a technology vendor’s network to abuse its trusted relationship with customers and partners. The ultimate goal of this type of attack is to gain access to the networks of one or more high-value organizations.
Often, the real target is an organization with high cyber maturity that would be difficult to breach directly. Rather than invest time and resources to infiltrate the target directly, hacking groups instead infiltrate the organization’s suppliers and abuse any legitimate connections they have with the target.
