The SolarWinds hack was a classic supply chain attack, compromising downstream organizations in order to traverse the victim’s extended enterprise of customers, suppliers, vendors and other third parties to gain unauthorized access to their on-premises and cloud systems.

The hack was unprecedented, transforming a core security product into a malware delivery system that provided unauthorized access to sensitive data for a minimum of nine months by escalating privileges, forging access tokens, and other alterations that went undetected.

Minimize supply chain cyberattacks

How can your organization protect itself from data breach by affected third parties in your supply or value chain? Apart from “basics” such as enforcing least privilege for third-party users and forcing administrative password resets on initial use (to avoid “username:admin, password:admin” scenarios), below are four unique and effective ways your organization can mitigate access-related third-party risk.

4 things you can do to minimize cyberattacks on supply and value chains