Software supply chain attacks are relatively easy to conduct and have a significant payoff for attackers, so it’s no wonder they are a top priority for CISOs.
“This is especially true if the vulnerable hardware or software has high adoption in enterprise organizations,” says Jeff Music, CISO at ReliaQuest.
While some software supply chain attacks, such as those involving MOVEit and SolarWinds, attract considerable attention, many software supply chain attacks occur every day without getting their moment in the spotlight, and no one except their victims ever knows what happened.
But whether famous or obscure, they create considerable risk for organizations.
For the latest Dark Reading Tech Insights report, “How supply chain attacks work and how to protect against them,” we interviewed experts who shared how to implement the comprehensive security strategies needed to defend against these attacks. These include managing vendor risk, implementing security frameworks, conducting software composition reviews, and ensuring that appropriate DevSecOps practices are adopted.
The software cannot be blindly trusted
In software supply chain attacks, malicious code or components are inserted into legitimate applications or software dependencies. The malicious software then allows attackers to infiltrate organizations using such compromised systems.
Unfortunately, companies cannot blindly trust their technology environments, from end-user endpoints to the third-party vendors or open source components they rely on. These software supply chain attacks are insidious and have the power to compromise large amounts of corporate data and disrupt essential services across all business sectors.
In the case of MOVEit, for example, the attacks compromised the personal data of millions of people and affected more than 1,050 organizations, including those in the federal government, healthcare, education, finance and insurance.
The stakes are high, and CISOs and security teams are grappling with these risks. Download a copy of our new report to learn from industry experts how to implement the comprehensive security strategies you need to defend against supply chain attacks.