Understanding & Preparing Your Business for Supply Chain Attacks


A software supply chain attack is a type of cyber attack that targets any part of the software supply chain: all of the dependencies a piece of software has which are outside of its immediate control.


What is a Software Supply Chain Attack?


A recent example of one such ‘attack’ (attack being a misnomer, since it was rather the discovery of a vulnerability) is Log4J in late 2021. The vulnerability was almost immediately used by attackers to target vulnerable systems. It disrupted many businesses, which had to take down critical systems until they could be patched.

How do Software Supply Chain Attacks Occur?

Software supply chain attacks are a type of cyber attack that occurs when a malicious actor modifies the source code of an application. They can also occur when attackers find and leverage an existing vulnerability before it is widely patched.

Even when a vulnerability or an attack becomes widely known, it can still be hard to know whether your systems are vulnerable or need to be patched. Libraries often depend on other libraries, which in turn depend on other libraries (hence the term supply chain), without making this evident to the developer. A vulnerable piece of code could be several layers deep.

How Can Your Organization Prepare for a Software Supply Chain Attack?

All businesses are vulnerable to supply chain attacks, but there are things that can be done to reduce the risk. Here are some ways to protect your organization from a software supply chain attack:

- Develop a plan for how you will respond to a software supply chain attack.

- Produce and maintain a Software Bill of Materials. When you become aware of new attacks or vulnerabilities, you can quickly check against your Bill of Materials and know whether you are vulnerable.

- Prepare procedures for operating while affected software services are temporarily offline, until they can be investigated and patched.

- Train employees on how to handle such an event.
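As an added example that is not part of the original article: a small check of a Software Bill of Materials against a new advisory, which also shows how a vulnerable library several layers deep is surfaced. The SBOM is a constructed CycloneDX-style document for a hypothetical service, and the advisory, its placeholder identifier, component names and versions are all assumptions; the output lists the affected component together with the dependency chain that pulls it in.

```python
import json
# Constructed CycloneDX-style SBOM for a hypothetical service (not a real project).
# "dependencies" records who pulls in whom, so transitive dependencies are visible.
SBOM_JSON = """{
  "bomFormat": "CycloneDX",
  "components": [
    {"bom-ref": "app", "name": "billing-service", "version": "3.1.0"},
    {"bom-ref": "web", "name": "web-framework", "version": "5.2.0"},
    {"bom-ref": "log", "name": "example-logging-lib", "version": "2.14.1"}
  ],
  "dependencies": [
    {"ref": "app", "dependsOn": ["web"]},
    {"ref": "web", "dependsOn": ["log"]}
  ]
}"""
# Constructed advisory with a placeholder id: the affected component and the
# first version that carries the fix (every version below it is affected).
ADVISORY = {"id": "ADVISORY-PLACEHOLDER", "component": "example-logging-lib",
            "fixed_in": "2.15.0"}

def parse_version(v):
    """'2.14.1' -> (2, 14, 1), so versions compare numerically rather than as strings."""
    return tuple(int(p) for p in v.split("."))

def find_paths(deps, root, target, path=()):
    """All dependency paths from root to target, as tuples of bom-refs."""
    path = path + (root,)
    if root == target:
        return [path]
    return [p for child in deps.get(root, []) for p in find_paths(deps, child, target, path)]

def check_sbom(sbom_json, advisory):
    """Map each affected 'name@version' to the dependency chains that pull it in."""
    sbom = json.loads(sbom_json)
    comps = {c["bom-ref"]: c for c in sbom["components"]}
    deps = {d["ref"]: d["dependsOn"] for d in sbom.get("dependencies", [])}
    roots = set(comps) - {c for kids in deps.values() for c in kids}  # top-level components
    hits = {}
    for ref, c in comps.items():
        if c["name"] == advisory["component"] and \
                parse_version(c["version"]) < parse_version(advisory["fixed_in"]):
            chains = [p for root in roots for p in find_paths(deps, root, ref)]
            hits[f'{c["name"]}@{c["version"]}'] = [" -> ".join(comps[r]["name"] for r in p) for p in chains]
    return hits

if __name__ == "__main__":
    for comp, chains in check_sbom(SBOM_JSON, ADVISORY).items():
        print(f"{ADVISORY['id']}: {comp} is reachable via {chains}")
```

The chain output is what tells you which top-level service needs the patch or the temporary shutdown, even though the affected library is not a direct dependency of it.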
