BankInfoSecurity
March 29, 2021
March 25, 2021
March 25, 2021
Trey Herr, director of the Cyber Statecraft Initiative at the Atlantic Council
The threat posed by software supply chain attacks is growing, but organizations can take steps to minimize the risks.
Trey Herr, co-author of a study of more than 100 supply chain compromises that was released last year by the Atlantic Council, says attackers, particularly state-affiliated ones, look to compromise roots of trust in the software supply chain.
“We think about software supply chain attacks as being unusual or exotic,” says Herr, director of the Atlantic Council’s Cyber Statecraft Initiative. “Really, there’s been a tremendous number of them over the last decade.”
Email security provider Mimecast says hackers compromised a digital certificate that encrypts data that moves between several of its products and Microsoft’s servers, putting organizations at risk of data loss.
The certificate, which is issued by Mimecast, encrypts data exchanged between the company’s Sync and Recover, Continuity Monitor and Internal Email Protect products and Microsoft 365 Exchange Web Services.
Mimecast, which is based in London, says that 10% of its customers, or about 3,900, use this type of connection between its products and Microsoft. In its last earnings call in November 2020, Mimecast reported it has 39,200 customers around the world.