Skip to main content

What are supply chain attacks?

30th October 2025

It only takes one weak link for everyone to be compromised.

Imagine your cyber security is perfect. Well, I say perfect, but with threats constantly evolving that isn’t too likely – as close to perfect as you can get though. All the right training, technology and processes are in place: you might even be an Interfuture Security client!

Despite this you may still be at risk of attack, indirectly. Supply chain attacks refer to when less secure elements in a company’s infrastructure – software providers, hardware manufacturers or service vendors – are infiltrated to get into your more secure systems.

To give a recent example, which we went over in more detail in this article, Salesloft’s AI chatbot Drift was compromised. Drift was used by Salesforce who in turn have access to a lot of private information, which resulted in a lot of companies having data leaked.

Of course, Salesforce has better security than most, and an attack while not impossible would have been difficult. However, by going through Drift, security measures were bypassed, and it was easier to gain access.

Supply chain attacks raise the question of if cyber security in the supply chain should have to match the same standards as in the main companies themselves – personally we agree, as these gaps and siloed processes are what lead to breaches.

In the meantime though, what can you do to protect against these kinds of attacks?

·         Vendor risk assessments: evaluate the cyber security posture of all suppliers before onboarding their products.

·         Zero trust: never assume you can trust a third party just because you use their product – always verify.

·         Access controls: only allow these vendors to see the information that is essential to them.

·         Monitoring and logging: track activity across all integrated systems to spot inconsistencies or breach attempts.

Until the core of supply chain security changes, these kinds of attacks are going to be frequent: they are simple and effective for bad actors. Hopefully these tips can help to keep your data secure for now, and maybe in the future security will be more connected across systems.

If you would like more details on supply chain attacks, please contact Interfuture Security.

YouTube: https://youtu.be/pCUeuIoX0gw

Back to top