036_Supply Chain Vulnerabilities – CompTIA Security+

Trust must be earned and verified

Trust is irrelevant in supply chain security

Trust can be assumed without verification

Trust is only needed for internal stakeholders

All steps from raw materials to product delivery

Only the manufacturing process

Transportation of finished goods only

Retail and customer service operations

New devices may have preloaded vulnerabilities

Hardware components can be easily replicated

Supply chain disruptions can lead to increased costs

All hardware is immune to cyber threats

Through a phishing attack on an HVAC vendor

By exploiting a vulnerability in the payment system

Using stolen credit card information from customers

Through a DDoS attack on the website

By injecting it into software updates

Through phishing emails

By exploiting zero-day vulnerabilities

Using removable media devices

Sensitive data may be exposed.

Service downtime may occur.

User accounts may be locked.

Software updates may be delayed.

Register-based malware for stealing card data

Ransomware for encrypting files

Spyware for tracking user activity

Adware for displaying unwanted ads

Over $1B in fake devices were sold using shell companies

Cisco launched a new product line

Cisco reported record profits in 2022

A major cybersecurity breach occurred at Cisco

Trust must be verified through digital signatures

Software must be developed in isolation

All code must be open source

Security measures should be optional

The development infrastructure

User data

Network security protocols

Customer service operations