Trust must be earned and verified

Trust is irrelevant in supply chain security

Trust can be assumed without verification

Trust is only needed for internal stakeholders

All steps from raw materials to product delivery

Only the manufacturing process

Transportation of finished goods only

Retail and customer service operations

New devices may have preloaded vulnerabilities

Hardware components can be easily replicated

Supply chain disruptions can lead to increased costs

All hardware is immune to cyber threats

Through a phishing attack on an HVAC vendor

By exploiting a vulnerability in the payment system

Using stolen credit card information from customers

Through a DDoS attack on the website

By injecting it into software updates

Through phishing emails

By exploiting zero-day vulnerabilities

Using removable media devices

Sensitive data may be exposed.

Service downtime may occur.

User accounts may be locked.

Software updates may be delayed.

Register-based malware for stealing card data

Ransomware for encrypting files

Spyware for tracking user activity

Adware for displaying unwanted ads