“Software supply chain attacks are at the top of all CISOs’ minds,” says ReliaQuest CISO Jeff Music.

Music attributes the popularity of software supply chain attacks to the fact that these attacks are relatively easy to conduct and have a significant payoff for the attacker. “This is especially the case if the vulnerable hardware or software has a high adoption across enterprise organizations,” he says.

While some software supply chain attacks, such as the ones involving MOVEit and SolarWinds, garnered considerable attention there are many software supply chain attacks occurring every day that don’t get their moment in the spotlight. For many such incidents, no one beyond the victims will ever hear about what happened.