Software Supply Chain Security: Lessons from SolarWinds and Kaseya for Financial Services
Your software is only as secure as the weakest dependency in your supply chain. The SolarWinds attack (December 2020) compromised 18,000 organisations through a single compromised software update. The Kaseya attack (July 2021) compromised 1,500 businesses through a managed service provider’s remote management tool. Financial services firms are high-value targets for supply chain attacks because they use the same software as every other organisation — but they hold more valuable data. A compromised dependency in a banking application is more valuable to an attacker than the same dependency in a startup’s application. ...