Look at the breaches that defined the last few years - SolarWinds, Kaseya, the MOVEit campaign, the Okta support-system compromise - and a pattern is impossible to miss. The attacker rarely came through the front door. They came through someone the victim trusted.
Supply-chain attacks are efficient. Compromise one widely used product or provider and you inherit access to everyone downstream. A single trusted update, a shared managed-service connection, or a third-party support tool becomes the path into hundreds of organisations at once.
For the public sector this is not abstract. The services citizens depend on sit on top of long, shared supplier chains - and the same handful of cloud hosts, software vendors and managed providers sit behind many of them.
A point-in-time questionnaire captures a supplier on the day they answered. The compromise happens in the months afterwards - in the gap between assessments - when an edge appliance goes unpatched or an exposed admin portal appears. The questionnaire never sees it.
The answer is not to trust suppliers less. It is to assure them continuously: combine what they tell you with what you can observe from the outside, and keep watching.
The breach will still start with a third party. The difference is whether you find out from your platform - or from the news.