
Software Supply Chain Attacks and What is Being Done to Counter Them

With the growing use of technology in business processes, security concerns keep piling up. The same goes for the security of supply chains, especially after the devastating SolarWinds attack. To keep pace with these attacks, governments have taken action to fortify national cyber defenses against supply chain attacks.

Measures taken

  • Earlier in May, an executive order was issued by the White House stating the need to enforce predictable and stringent techniques to ensure the security and integrity of critical software. The government aims to improve the security of the software supply chain by focusing on critical software.
  • The U.K. government has announced a call for views on improving supplier risk management and cyber resilience. It has, furthermore, been delineating ways to reinforce IT MSPs and the defense of supply chains.

Some stats your way

These numbers have been analyzed by DCMS in its Cyber Security Breaches Survey 2021.
  • Only 12% of businesses in the U.K. ended up reviewing cyber risks posed by their immediate suppliers; only 5% have done so for a broader supply chain.
  • Businesses operating in the information & communications and finance & insurance sectors are more likely (26%) to track immediate supply chain risks.

Why it matters

Following the series of sophisticated attacks on Codecov, web supply chain security has gained supreme importance. Web supply chains depend on multiple third-party suppliers, which makes security analysis harder. This leaves a security blind spot that attackers take advantage of. Moreover, this is one of the popular approaches to a direct breach.

The bottom line

To manage software supply chain security effectively, organizations are required to set ground rules, which would eventually block malicious behaviors. The initiatives taken by governments are a step in the right direction toward better supply chain security.

Cyware Publisher
