Problem: supply chain attacks The supply chain in information systems is a huge pyramid, often with the cloud-based infrastructure of a commercial software vendor on top. Instead of attacking a single computer or the network of just one company, the top of a software supply chain is more attractive because malware is distributed to thousands or millions of victims. We had several of these supply chain attacks recently. Public infrastructure got damaged and millions of euros of ransom has been paid. A super attractive target for attacks are remote management systems running in the cloud. Imagine there is a national cleaning service that cleans all houses in a country. For the comfort of the customers, the cleaning service has keys to all houses. The box with all the keys is very attractive for a burglar. The comparison lags because in information technology it happens on an international level. Companies that run remote management SaaS have the keys to fully access billions of computers
Comments
Post a Comment