Supply Chain Attack
A cyberattack that targets an organisation by compromising a less-secure vendor, supplier, or software provider that has access to the target's systems or data.
A supply chain attack targets the weakest link — not your organisation directly, but a vendor, software provider, or business partner that has access to your systems. Attackers compromise the supplier first, then use that trusted connection to reach your network, data, or customers. High-profile examples include the SolarWinds and Kaseya attacks, which affected thousands of downstream organisations.
For Malaysian SMEs
If you use third-party software, cloud services, or IT vendors, you are part of a supply chain. Assess your vendors' security practices, limit the access they have to your systems, and include security requirements in vendor contracts. Bank Negara Malaysia's (BNM) Risk Management in Technology (RMiT) framework specifically addresses technology outsourcing risk for financial sector participants.