As many organizations have become more reliant on third-party software partnerships, the supply chain has inadvertently become an integral part of how most businesses operate. Vendors provide critical components of an organization's operation, including software and hardware. Therefore, potential security risks lurk in every relationship between an organization and its supplier base.

Supply chain attacks are an emerging threat that targets software developers and suppliers. The goal is to access source code, build processes or update mechanisms by infecting legitimate apps to distribute malware. According to a survey conducted in June 2020 by Opinion Matters for BlueVoyant, 80% of organizations have had a breach that was caused by one of their vendors. Despite the high risk of a breach through a supplier, 77% of respondents said they had limited visibility into those vendors.

Highly funded threat actors have realized that although a direct cyberattack against a security-conscious organization would most likely not be worth the effort, targeting and exploiting that organization's supply chain gives them an easier point of entry for gaining a foothold in its critical networks and systems. In the recent massive cyberattack that impacted U.S. government agencies and some of the world's largest corporations, adversaries obtained access to systems through a compromised third-party software update. This incident is drawing global attention to the damage software supply chain attacks can cause and to just how widespread the impact can be, regardless of an organization's size, monetary value or security posture. Moreover, it highlights that in an increasingly tech-driven world, we need to pay close attention to the vendors and products we choose.