{"id":90008,"date":"2019-10-16T09:00:54","date_gmt":"2019-10-16T16:00:54","guid":{"rendered":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\/?p=90008"},"modified":"2023-05-15T23:02:40","modified_gmt":"2023-05-16T06:02:40","slug":"guarding-against-supply-chain-attacks-part-1-big-picture","status":"publish","type":"post","link":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/10\/16\/guarding-against-supply-chain-attacks-part-1-big-picture\/","title":{"rendered":"Guarding against supply chain attacks\u2014Part 1: The big picture"},"content":{"rendered":"<p>Every day, somewhere in the world, governments, businesses, educational organizations, and individuals are hacked. Precious data is stolen or held for ransom, and the wheels of \u201cbusiness-as-usual\u201d grind to a halt. These criminal acts are expected to cost more than <a href=\"https:\/\/www.juniperresearch.com\/press\/press-releases\/cybercrime-cost-businesses-over-2trillion-by-2019\" target=\"_blank\" rel=\"noopener noreferrer\">$2 trillion in 2019,<\/a> a four-fold increase in just four years. The seeds that bloom into these business disasters are often planted in both hardware and software systems created in various steps of your supply chain, propagated by bad actors and out-of-date business practices.<\/p>\n<p>These compromises in the safety and integrity of your supply chain can threaten the success of your business, no matter the size of your operation. But typically, the longer your supply chain, the higher the risk for attack, because of all the supply sources in play.<\/p>\n<p>In this blog series, \u201cGuarding against supply chain attacks,\u201d we examine various components of the supply chain, the vulnerabilities they present, and how to protect yourself from them.<\/p>\n<h3>Defining the problem<\/h3>\n<p>Supply chain attacks are not new. The National Institute of Standards and Technology (NIST) has been focused on driving awareness in this space since 2008. And this problem is not going away. In 2017 and 2018, according to Symantec, <a href=\"https:\/\/www.nextgov.com\/cybersecurity\/2019\/02\/supply-chain-attacks-spiked-78-percent-2018-cyber-researchers-found\/154996\/\" target=\"_blank\" rel=\"noopener noreferrer\">supply chain attacks rose 78 percent<\/a>. Mitigating this type of third-party risk has become a major board issue as executives now understand that partner and supplier relationships pose fundamental challenges to businesses of all sizes and verticals.<\/p>\n<p>Moreover, for compliance reasons, third-party risk also continues to be a focus. In <a href=\"https:\/\/www.dfs.ny.gov\/industry_guidance\/cyber_faqs\" target=\"_blank\" rel=\"noopener noreferrer\">New York State<\/a>, <a href=\"https:\/\/nebraskalegislature.gov\/laws\/search_range_statute.php?begin_section=87-801&amp;end_section=87-807\" target=\"_blank\" rel=\"noopener noreferrer\">Nebraska<\/a>, and elsewhere in the U.S., third-party risk has emerged as a significant compliance issue.<\/p>\n<p>Throughout the supply chain, hackers look for weaknesses that they can exploit. Hardware, software, people, processes, vendors\u2014all of it is fair game. At its core, attackers are looking to break trust mechanisms, including the trust that businesses naturally have for their suppliers. Hackers hide their bad intentions behind the shield of trust a supplier has built with their customers over time and look for the weakest, most vulnerable place to gain entry, so they can do their worst.<\/p>\n<p>According to NIST, <a href=\"https:\/\/csrc.nist.gov\/Projects\/Supply-Chain-Risk-Management\" target=\"_blank\" rel=\"noopener noreferrer\">cyber supply chain risks<\/a> include:<\/p>\n<ul>\n<li>Insertion of counterfeits.<\/li>\n<li>Unauthorized production of components.<\/li>\n<li>Tampering with production parts and processes.<\/li>\n<li>Theft of components.<\/li>\n<li>Insertion of malicious hardware and software.<\/li>\n<li>Poor manufacturing and development practices that compromise quality.<\/li>\n<\/ul>\n<p>Cyber Supply Chain Risk Management (C-SCRM) identifies what the risks are and where they come from, assesses past damage and ongoing and future risk, and mitigates these risks across the entire lifetime of every system.<\/p>\n<p>This process examines:<\/p>\n<ul>\n<li>Product design and development.<\/li>\n<li>How parts of the supply chain are distributed and deployed.<\/li>\n<li>Where and how they are acquired.<\/li>\n<li>How they are maintained.<\/li>\n<li>How, at end-of-life, they are destroyed.<\/li>\n<\/ul>\n<p>The NIST approach to C-SCRM considers how foundational practices and risk are managed across the whole organization.<\/p>\n<h3>Examples of past supply chain attacks<\/h3>\n<p>The following are examples of sources of recent supply chain attacks:<\/p>\n<p><strong>Hardware component attacks<\/strong>\u2014When you think about it, OEMs are among the most logical places in a supply chain which an adversary will likely try to insert vulnerabilities. Moreover, these vulnerabilities can be inserted into the end product via physical access as a physical component is being transported or delivered, during pre-production access in a factory or manufacturing facility, via a technical insertion point, or other means.<\/p>\n<p><strong>Software component attacks<\/strong>\u2014Again in 2016, Chinese hackers purportedly attacked <a href=\"https:\/\/techdator.com\/teamviewer-security-was-compromised-in-2016-chinese-hackers-attacked-the-software\/\" target=\"_blank\" rel=\"noopener noreferrer\">TeamViewer software<\/a>, which was a potential virtual invitation to view and access information on the computers of millions of people all over the world who use this program.<\/p>\n<p><strong>People perpetrated attacks<\/strong>\u2014People are a common connector between the various steps and entities in any supply chain and are subject to the influence of corrupting forces. Nation-states or other \u201ccause-related\u201d organizations prey on people susceptible to bribery and blackmail. In 2016, the Indian tech giant, Wipro, had three employees arrested in a suspected security breach of customer records for the U.K. company TalkTalk.<\/p>\n<p><strong>Business processes<\/strong>\u2014Business practices (including services), both upstream and downstream, are also examples of vulnerable sources of infiltration. For example, <a href=\"https:\/\/techcrunch.com\/2019\/09\/05\/monster-exposed-user-data-years\/\" target=\"_blank\" rel=\"noopener noreferrer\">Monster.com experienced an exposed database<\/a> when one of its customers did not adequately protect a web server storing resumes, which contain emails and physical addresses, along with other personal information, including immigration records. This and other issues can be avoided if typical business practices such as risk profiling and assessment services are in place and are regularly reviewed to make sure they comply with changing security and privacy requirements. This includes policies for \u201cbring your own\u201d IoT devices, which are another fast-growing vulnerability.<\/p>\n<h3>Big picture practical advice<\/h3>\n<p>Here\u2019s some practical advice to take into consideration:<\/p>\n<p><strong>Watch out for copycat attacks<\/strong>\u2014If a data heist worked with one corporate victim, it\u2019s likely to work with another. This means once a new weapon is introduced into the supply chain, it is likely to be re-used\u2014in some cases, for years.<\/p>\n<p>To prove the point, here are some of the many examples of cybercrimes that reuse code stolen from legal hackers and deployed by criminals.<\/p>\n<ul>\n<li>The Conficker botnet MS10-067 is over a decade old and is still found on millions of PCs every month.<\/li>\n<li>The criminal group known as the Shadow Brokers used the Eternal Blue code designed by the U.S. National Security Agency as part of their cybersecurity toolkit. When the code was leaked illegally and sold to North Korea, they used it to execute WannaCry in 2017, which spread to 150 countries and infected over 200,000 computers.<\/li>\n<li>Turla, a purportedly Russian group, has been active since 2008, infecting computers in the U.S. and Europe with spyware that establishes a hidden foothold in infected networks that searches for and steals data.<\/li>\n<\/ul>\n<p>Crafting a successful cyberattack from scratch is not a simple undertaking. It requires technical know-how, resources to create or acquire new working exploits, and the technique to then deliver the exploit, to ensure that it operates as intended, and then to successfully remove information or data from a target.<\/p>\n<p>It\u2019s much easier to take a successful exploit and simply recycle it\u2014saving development and testing costs, as well as the costs that come from targeting known soft targets (e.g., avoiding known defenses that may detect it). We advise you to stay in the know about past attacks, as any one of them may come your way. Just ask yourself: Would your company survive a similar attack? If the answer is no\u2014or even maybe\u2014then fix your vulnerabilities or at the very least make sure you have mitigation in place.<\/p>\n<p><strong>Know your supply chain<\/strong>\u2014Like many information and operational technology businesses, you probably depend on a global system of suppliers. But do you know where the various technology components of your business come from? Who makes the hardware you use\u2014and where do the parts to make that hardware come from? Your software? Have you examined how your business practices and those of your suppliers keep you safe from bad actors with a financial interest in undermining the most basic components of your business? Take some time to look at these questions and see how you\u2019d score yourself and your suppliers.<\/p>\n<h3>Looking ahead<\/h3>\n<p>Hopefully, the above information will encourage (if not convince) you to take a big picture look at who and what your supply chain consists of and make sure that you have defenses in place that will protect you from all the known attacks that play out in cyberspace each day.<\/p>\n<p>In the remainder of the \u201cGuarding against supply chain attacks\u201d series, we\u2019ll drill down into supply chain components to help make you aware of potential vulnerabilities and supply advice to help you protect your company from attack.<\/p>\n<p>Stay tuned for these upcoming posts:<\/p>\n<ul>\n<li>Part 2\u2014Explores the risks of hardware attacks.<\/li>\n<li>Part 3\u2014Examines ways in which software can become compromised.<\/li>\n<li>Part 4\u2014Looks at how people and processes can expose companies to risk.<\/li>\n<li>Part 5\u2014Summarizes our advice with a look to the future.<\/li>\n<\/ul>\n<p>In the meantime, bookmark the <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\" target=\"_blank\" rel=\"noopener noreferrer\">Security blog<\/a> to keep up with our expert coverage on security matters. Also, follow us at <a href=\"https:\/\/twitter.com\/@MSFTSecurity\" target=\"_blank\" rel=\"noopener noreferrer\">@MSFTSecurity<\/a> for the latest news and updates on cybersecurity.<\/p>\n<p>To learn more about how you can protect your time and empower your team, check out the <a href=\"https:\/\/www.microsoft.com\/security\/cybersecurity?ocid=AID2465281_QSG_BLOG_364843\" target=\"_blank\" rel=\"noopener noreferrer\">cybersecurity awareness page<\/a> this month.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Paying attention to every link in your supply chain is vital to protect your assets from supply chain attacks.<\/p>\n","protected":false},"author":96,"featured_media":90010,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"ep_exclude_from_search":false,"_classifai_error":"","footnotes":""},"content-type":[3662],"topic":[3668,3669,3687],"products":[],"threat-intelligence":[3737],"tags":[3753,3822],"coauthors":[1896,2180],"class_list":["post-90008","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","content-type-news","topic-compliance","topic-data-protection","topic-threat-intelligence","threat-intelligence-supply-chain-attacks","tag-cybersecurity-policy","tag-microsoft-security-insights"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v23.9 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Guarding against supply chain attacks\u2014Part 1: The big picture<\/title>\n<meta name=\"description\" content=\"Paying attention to every link in your supply chain is vital to protect your assets from supply chain attacks.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/10\/16\/guarding-against-supply-chain-attacks-part-1-big-picture\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Guarding against supply chain attacks\u2014Part 1: The big picture\" \/>\n<meta property=\"og:description\" content=\"Paying attention to every link in your supply chain is vital to protect your assets from supply chain attacks.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/10\/16\/guarding-against-supply-chain-attacks-part-1-big-picture\/\" \/>\n<meta property=\"og:site_name\" content=\"Microsoft Security Blog\" \/>\n<meta property=\"article:published_time\" content=\"2019-10-16T16:00:54+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-05-16T06:02:40+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/10\/Supply-chain-attacks-SOCIAL.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"630\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Joram Borenstein, Cristin Goodwin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/10\/Supply-chain-attacks-SOCIAL.png\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Joram Borenstein, Cristin Goodwin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/10\/16\/guarding-against-supply-chain-attacks-part-1-big-picture\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/10\/16\/guarding-against-supply-chain-attacks-part-1-big-picture\/\"},\"author\":[{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/author\/joram-borenstein\/\",\"@type\":\"Person\",\"@name\":\"Joram Borenstein\"},{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/author\/cristin-goodwin\/\",\"@type\":\"Person\",\"@name\":\"Cristin Goodwin\"}],\"headline\":\"Guarding against supply chain attacks\u2014Part 1: The big picture\",\"datePublished\":\"2019-10-16T16:00:54+00:00\",\"dateModified\":\"2023-05-16T06:02:40+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/10\/16\/guarding-against-supply-chain-attacks-part-1-big-picture\/\"},\"wordCount\":1380,\"publisher\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/10\/16\/guarding-against-supply-chain-attacks-part-1-big-picture\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/10\/Supply-chain-attacks-card.jpg\",\"keywords\":[\"Cybersecurity policy\",\"Microsoft Security Insights\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/10\/16\/guarding-against-supply-chain-attacks-part-1-big-picture\/\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/10\/16\/guarding-against-supply-chain-attacks-part-1-big-picture\/\",\"name\":\"Guarding against supply chain attacks\u2014Part 1: The big picture\",\"isPartOf\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/10\/16\/guarding-against-supply-chain-attacks-part-1-big-picture\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/10\/16\/guarding-against-supply-chain-attacks-part-1-big-picture\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/10\/Supply-chain-attacks-card.jpg\",\"datePublished\":\"2019-10-16T16:00:54+00:00\",\"dateModified\":\"2023-05-16T06:02:40+00:00\",\"description\":\"Paying attention to every link in your supply chain is vital to protect your assets from supply chain attacks.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/10\/16\/guarding-against-supply-chain-attacks-part-1-big-picture\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/10\/16\/guarding-against-supply-chain-attacks-part-1-big-picture\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/10\/16\/guarding-against-supply-chain-attacks-part-1-big-picture\/#primaryimage\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/10\/Supply-chain-attacks-card.jpg\",\"contentUrl\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/10\/Supply-chain-attacks-card.jpg\",\"width\":440,\"height\":268,\"caption\":\"Image of a tech worker at his desk looking at a computer.\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/10\/16\/guarding-against-supply-chain-attacks-part-1-big-picture\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Guarding against supply chain attacks\u2014Part 1: The big picture\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#website\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\",\"name\":\"Microsoft Security Blog\",\"description\":\"Expert coverage of cybersecurity topics\",\"publisher\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization\",\"name\":\"Microsoft Security Blog\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/08\/cropped-cropped-microsoft_logo_element.png\",\"contentUrl\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/08\/cropped-cropped-microsoft_logo_element.png\",\"width\":512,\"height\":512,\"caption\":\"Microsoft Security Blog\"},\"image\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#\/schema\/logo\/image\/\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Guarding against supply chain attacks\u2014Part 1: The big picture","description":"Paying attention to every link in your supply chain is vital to protect your assets from supply chain attacks.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/10\/16\/guarding-against-supply-chain-attacks-part-1-big-picture\/","og_locale":"en_US","og_type":"article","og_title":"Guarding against supply chain attacks\u2014Part 1: The big picture","og_description":"Paying attention to every link in your supply chain is vital to protect your assets from supply chain attacks.","og_url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/10\/16\/guarding-against-supply-chain-attacks-part-1-big-picture\/","og_site_name":"Microsoft Security Blog","article_published_time":"2019-10-16T16:00:54+00:00","article_modified_time":"2023-05-16T06:02:40+00:00","og_image":[{"width":1200,"height":630,"url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/10\/Supply-chain-attacks-SOCIAL.png","type":"image\/png"}],"author":"Joram Borenstein, Cristin Goodwin","twitter_card":"summary_large_image","twitter_image":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/10\/Supply-chain-attacks-SOCIAL.png","twitter_misc":{"Written by":"Joram Borenstein, Cristin Goodwin","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/10\/16\/guarding-against-supply-chain-attacks-part-1-big-picture\/#article","isPartOf":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/10\/16\/guarding-against-supply-chain-attacks-part-1-big-picture\/"},"author":[{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/author\/joram-borenstein\/","@type":"Person","@name":"Joram Borenstein"},{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/author\/cristin-goodwin\/","@type":"Person","@name":"Cristin Goodwin"}],"headline":"Guarding against supply chain attacks\u2014Part 1: The big picture","datePublished":"2019-10-16T16:00:54+00:00","dateModified":"2023-05-16T06:02:40+00:00","mainEntityOfPage":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/10\/16\/guarding-against-supply-chain-attacks-part-1-big-picture\/"},"wordCount":1380,"publisher":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization"},"image":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/10\/16\/guarding-against-supply-chain-attacks-part-1-big-picture\/#primaryimage"},"thumbnailUrl":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/10\/Supply-chain-attacks-card.jpg","keywords":["Cybersecurity policy","Microsoft Security Insights"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/10\/16\/guarding-against-supply-chain-attacks-part-1-big-picture\/","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/10\/16\/guarding-against-supply-chain-attacks-part-1-big-picture\/","name":"Guarding against supply chain attacks\u2014Part 1: The big picture","isPartOf":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/10\/16\/guarding-against-supply-chain-attacks-part-1-big-picture\/#primaryimage"},"image":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/10\/16\/guarding-against-supply-chain-attacks-part-1-big-picture\/#primaryimage"},"thumbnailUrl":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/10\/Supply-chain-attacks-card.jpg","datePublished":"2019-10-16T16:00:54+00:00","dateModified":"2023-05-16T06:02:40+00:00","description":"Paying attention to every link in your supply chain is vital to protect your assets from supply chain attacks.","breadcrumb":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/10\/16\/guarding-against-supply-chain-attacks-part-1-big-picture\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/10\/16\/guarding-against-supply-chain-attacks-part-1-big-picture\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/10\/16\/guarding-against-supply-chain-attacks-part-1-big-picture\/#primaryimage","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/10\/Supply-chain-attacks-card.jpg","contentUrl":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/10\/Supply-chain-attacks-card.jpg","width":440,"height":268,"caption":"Image of a tech worker at his desk looking at a computer."},{"@type":"BreadcrumbList","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/10\/16\/guarding-against-supply-chain-attacks-part-1-big-picture\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/"},{"@type":"ListItem","position":2,"name":"Guarding against supply chain attacks\u2014Part 1: The big picture"}]},{"@type":"WebSite","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#website","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/","name":"Microsoft Security Blog","description":"Expert coverage of cybersecurity topics","publisher":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization","name":"Microsoft Security Blog","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/08\/cropped-cropped-microsoft_logo_element.png","contentUrl":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/08\/cropped-cropped-microsoft_logo_element.png","width":512,"height":512,"caption":"Microsoft Security Blog"},"image":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#\/schema\/logo\/image\/"}}]}},"msxcm_display_generated_audio":false,"distributor_meta":false,"distributor_terms":false,"distributor_media":false,"distributor_original_site_name":"Microsoft Security Blog","distributor_original_site_url":"https:\/\/www.microsoft.com\/en-us\/security\/blog","push-errors":false,"_links":{"self":[{"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/posts\/90008"}],"collection":[{"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/users\/96"}],"replies":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/comments?post=90008"}],"version-history":[{"count":0,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/posts\/90008\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/media\/90010"}],"wp:attachment":[{"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/media?parent=90008"}],"wp:term":[{"taxonomy":"content-type","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/content-type?post=90008"},{"taxonomy":"topic","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/topic?post=90008"},{"taxonomy":"products","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/products?post=90008"},{"taxonomy":"threat-intelligence","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/threat-intelligence?post=90008"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/tags?post=90008"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/coauthors?post=90008"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}