Supply chain security is a hot issue for enterprises with increasing third party data breaches. Recent (ISC)² study indicates these breaches are more likely the fault of a large enterprise partner than a small one.
Data breach of U.S. Customs and Border Protection agency’s subcontractor has exposed around 100,000 travelers’ images which further highlight the importance of vendor security compliance.
Magecart cybercrime group appears to have broaden their supply chain attacks to target more sites by going after third-party advertising vendors that works with media or entertainment websites.
Vulnerable IT service providers are becoming entry points for supply chain attacks as seen in the recent attack on Wipro. The attack follows closely after Wipro CEO declares "security cannot be a show stopper for business priorities".
A massive supply chain attack had distributed malware to tens of thousands of ASUS computers worldwide through legitimate ASUS software updates. It appears as if the attackers had inside information about ASUS servers and systems.
Bloomberg reported that Chinese spies planted a grain-sized microchip in motherboards supplied to server manufacturers in an alleged supply chain attack. What are the lessons for enterprises?