TY - JOUR
T1 - From SolarWinds to Kaseya: The rise of supply chain attacks in a digital world
AU - Ghanbari, Hadi
AU - Koskinen, Kari
AU - Wei, Yijuan
PY - 2024/11/15
Y1 - 2024/11/15
N2 - Supply chains today rely heavily on information technologies. Such reliance has encouraged attackers to shift their focus to conducting supply chain attacks, which are expected to become the most common type of cyberattack by 2030. Thus, it is crucial for Information Systems practitioners to gain a deeper understanding of supply chain cybersecurity. To that end, this teaching case demonstrates the importance of supply chain cybersecurity in the digital era, drawing on two recent attacks with significant impact on supply chains: SolarWinds and Kaseya. We first discuss different dimensions of cyberattacks, followed by an introduction of supply chain attacks. We then introduce an analytical tool called cyber kill chain that is widely used for analysing different stages of a cyberattack. In addition, we propose a taxonomy of cyberattacks that can be used as a tool, alongside other tools, to analyse cyberattacks. The taxonomy is especially useful for conducting a lightweight analysis and presenting an overview of cyberattacks to non-technical stakeholders, especially executives and directors.
AB - Supply chains today rely heavily on information technologies. Such reliance has encouraged attackers to shift their focus to conducting supply chain attacks, which are expected to become the most common type of cyberattack by 2030. Thus, it is crucial for Information Systems practitioners to gain a deeper understanding of supply chain cybersecurity. To that end, this teaching case demonstrates the importance of supply chain cybersecurity in the digital era, drawing on two recent attacks with significant impact on supply chains: SolarWinds and Kaseya. We first discuss different dimensions of cyberattacks, followed by an introduction of supply chain attacks. We then introduce an analytical tool called cyber kill chain that is widely used for analysing different stages of a cyberattack. In addition, we propose a taxonomy of cyberattacks that can be used as a tool, alongside other tools, to analyse cyberattacks. The taxonomy is especially useful for conducting a lightweight analysis and presenting an overview of cyberattacks to non-technical stakeholders, especially executives and directors.
KW - Information security
KW - Kaseya
KW - SolarWinds
KW - cyberattack
KW - cybersecurity
KW - supply chain attack
KW - supply chain cybersecurity
UR - http://www.scopus.com/inward/record.url?scp=85209389184&partnerID=8YFLogxK
U2 - 10.1177/20438869241299823
DO - 10.1177/20438869241299823
M3 - Article
SN - 2043-8869
SP - 1
EP - 8
JO - Journal of Information Technology Teaching Cases
JF - Journal of Information Technology Teaching Cases
ER -