Supply chain attacks target the weakest spot in most every enterprise’s security program: third-party access.
The SolarWinds hack was a classic supply chain attack, compromising downstream organizations in order to traverse the victim’s extended enterprise of customers, suppliers, vendors and other third parties to gain unauthorized access to their on-premises and cloud systems.
The hack was unprecedented, transforming a core security product into a malware delivery system that provided unauthorized access to sensitive data for a minimum of nine months by escalating privileges, forging access tokens, and other alterations that went undetected.
Minimize supply chain cyberattacks
How can your organization protect itself from data breach by affected third parties in your supply or value chain? Apart from “basics” such as enforcing least privilege for third-party users and forcing administrative password ..
Support the originator by clicking the read the rest link below.
