ONE of the important cybersecurity threats highlighted during this year's Singapore International Cyber Week (SICW) and GovWare conference, held earlier in October, is supply chain attacks.

These are cyberattacks where hackers, instead of targeting a specific company, zero in on the software or IT services vendors whose products the company uses. They insert malicious code into these IT companies such that when the next batch of (usually automated) software updates happen, the virus moves into the networks of all the customers of these vendors.

Like all other forms of cyberattacks (for example, ransomware), supply chain hacks are not new. What is new is that with increased connectivity and digitalisation, the devastating effects of these attacks have increased manifold. The danger came into the limelight when Solar Winds, a US-based IT services company that provides IT system management tools to thousands of organisations around the world, reported last December that its network had been breached by what it claimed was a hacking group backed by a nation-state. The Solar Winds raid affected close to 18,000 customers. The breach was discovered nearly 14 months after it happened, during which time the hackers had access to some of the world's most high-profile companies, including Intel, Nvidia, Cisco and a host of other non-technology firms.