To Reduce IT Supply Chain Risk, Watch for Insider Threats and External Attackers

A recent Bloomberg Businessweek report claims that China’s military infiltrated the supply chain used to build hardware that Apple and Amazon Web Services both use. Both tech giants deny the story’s allegations. Supermicro, the component maker that was allegedly hacked, also says it’s not true. Despite this, Bloomberg stands behind it. Regardless of whether “the big hack” happened, it raises the specter of whether hacks against the IT supply chain are taking place and if risk is being mitigated. 
The idea that a supply chain attack could compromise hardware used to power critical systems has troubled the public and private sectors alike for several years. Most experts agree that executing a successful attack that could infiltrate the IT supply chain would be difficult. They also agree that it’s possible. In fact, The Guardian and ArsTechnica have both published stories alleging that government and military entities infiltrated IT supply chains in the past.