- I tested the best Mint alternatives, and this is my favorite money app
- 5 ways to achieve AI transformation that works for your business
- Tech winners and losers of 2024: For every triumph, a turkey
- The ReMarkable 2 remains one of my favorite creative tools, and it's $70 off for Black Friday
- Join BJ's Wholesale Club for just $20 and save on holiday shopping
Top 5 things to know about supply chain attacks
Worried about supply chain attacks? Tom Merritt can help you understand your risk.
Whether its Stuxnet, SolarWinds or Microsoft Exchange, chances are you’ve read about supply chain attacks. But, hey, you follow all the security procedures right? You’re not going to get targeted, right? Hmm.
Here are five things to know about supply chain attacks.
- It doesn’t target you. It targets your suppliers. Hence the name. You trust your suppliers so you let them in your network. At its base, a supply chain attack looks for a weak link in the companies that deliver you services and attempts to get into your network through them.
- It can affect almost any industry. Financial, energy, manufacturing, transportation. Any business that uses services and makes money could be a target of a supply chain attack.
- It may or may not involve either hardware or the internet. Most of top of mind is Solar Winds, of course, where that company was breached and then multiple clients who used Solar Winds software were breached. It used to be more associated with hardware attacks, like installing rootlets on electronics in the factory. Although technically if you contract to a warehouse to guard your goods, and that warehouse gets robbed, it’s a supply chain attack.
- Open source is a target. Attackers often try to compromise open source development or distribution to gain a foothold into companies. Thankfully, the number of eyes on open source software helps defend against these attacks but that won’t stop the bad guys from trying. So, be one of the contributors helping keep it secure.
- You have a lot of ways to defend yourself. Even though you’re not in charge of the vulnerability in this case, you have options. Make sure your vendors meet tough security standards and agree to third-party testing. And there are multiple ways to defend within your network and scan for malicious activity.
Supply chain attacks are not new but they also aren’t going away. Gone are the days of buying cheap software and not worrying about it.
Subscribe to TechRepublic Top 5 on YouTube for all the latest tech advice for business pros from Tom Merritt.