Findings show that malicious code was installed in 18,000 sensitive networks, operating without disruption from March to December 2020. How did this malware evade detection for so long?
The answer is that government and enterprise organizations lack visibility into the security processes of their IT vendors. As cloud services have become integral elements of IT agendas, it’s jarring to see companies like Microsoft, VMware and others being impacted by this supply-chain attack, which could also affect the users of their products and services. To ensure supply-chain security, organizations should require their IT suppliers to implement stringent standards and certifications, such as the Open Trusted Technology Provider Standard (O-TTPS).