
Supply chain vulnerability becomes more prevalent

Enterprises are now more at risk from security threats from a variety of sources, including supply chain vulnerability. Here are some tips to protect your enterprise.


A supply chain vulnerability or value-chain attack occurs when a malicious actor infiltrates an enterprise’s system via a third party with access to IT systems and data. As enterprises open their doors to third parties and other parties that help them do business, malicious attackers have found new ways to compromise IT systems through weak links in the chain. This creates supply chain vulnerability that is costly and paralyzing for business.

Over the past few years, supply chain vulnerabilities have substantially expanded the attack surface and the access points through which attackers can gain entry to an enterprise.

In 2014, a breach of a large retailer began with a compromise of the network credentials of its HVAC vendor; the attackers were then able to install malware on point-of-sale devices. In 2018, an entertainment ticket provider suffered a data breach after a third party providing hosted customer support supplied code that had been altered by a malicious attacker.

As these examples indicate, the supply chain can be compromised through various applications, code and devices. The results are significant. According to a recent survey, two-thirds of respondents reported that their organizations had experienced a software supply chain attack, and 90% of those confirmed that they had incurred financial cost as a result. The average cost of an attack was over $1.1 million.

In this podcast, Scott Robinson, a CIO at the GlenMill Group, a healthcare provider, and Lauren Horwitz discuss the nature of supply chain vulnerability and how to address it.

Lauren Horwitz

Lauren Horwitz is the managing editor of Cisco.com, where she covers the IT infrastructure market and develops content strategy. Previously, Horwitz was a senior executive editor in the Business Applications and Architecture group at TechTarget; a senior editor at Cutter Consortium, an IT research firm; and an editor at the American Prospect, a political journal. She has received awards from the American Society of Business Publication Editors (ASBPE), a min Best of the Web award and the Kimmerling Prize for best graduate paper for her editing work on the journal article "The Fluid Jurisprudence of Israel's Emergency Powers."