Supply Chain Attack Surface

---

• Rather than attack the target directly, a threat actor may seek ways to infiltrate it via companies in its supply chain

Procurement management is process of ensuring reliable sources of equipment and software.

• types of relationships:
  • Supplier
    • obtains products from a manufacturer to sell in bulk to other businesses
  • Vendor
    • obtains products from suppliers to sell to retail businesses or directly to customers
  • Business Partner
    • two companies share closely aligned goals and marketing opportunities