Cybersecurity and business professionals are waking up to the risks of supply chain cybersecurity threats and attacks. The Supermicro bug a few years ago highlighted the vulnerabilities even the most sophisticated organizations face when trying to prevent supply chain cybersecurity attacks.
In 2015, several large U.S. firms, including Amazon and Apple, discovered tiny, unauthorized chips on server boards from Supermicro, a U.S. company founded by Taiwanese immigrants in 1993. In a nutshell, the chips appeared to have been placed there by unauthorized third parties — widely believed to be Chinese hackers — for the purpose of injecting malware into the servers. Amazon allegedly discovered the hardware hacks while purchasing Elemental, a video compression software startup that had contracts with major U.S defense intelligence agencies.
The Supermicro example illustrates the growing challenges and risks of global supply chains, which are primarily that any component can be modified without leaving a trace and then accessed remotely.
What should enterprises do in response to a similar supply chain security threat? Unfortunately, there’s bad news, and then, there’s worse…
