For most global companies, supply chain risk management traditionally has focused on managing third-party risks—often in the limited context of the physical supply chain. But what the SolarWinds cyber-attack harshly revealed is the catastrophic havoc fourth and fifth parties can also wreak in the often-ignored cloud supply chain.
Hackers implanted malicious code into the software-build process of SolarWinds’ Orion products in order to compromise customers’ Orion services using a backdoor and steal their data.
