An article in Risk Management provides an overview of a software supply chain and describes how an attack against one could occur. The article observes that even companies with robust cybersecurity programs can be vulnerable to these attacks, which can be perpetrated by an adversary inserting malicious code into an otherwise legitimate software application. These activities can lead to data leaks or even physical effects, with threat actors potentially gaining access to an organization’s network. “NotPetya” was one of the most high-profile examples of this kind of activity, which involved a ransomware being deployed via a legitimate software update sent by the vendor to its customers. To prevent these kinds of attacks, the article concludes with a series of recommended steps for organizations to implement. Read the article at Risk Management.