Supply Chain Attack
When the software you trust is the threat.
Practice responding when a trusted vendor or software is compromised, affecting your environment.
Overview
Supply chain attacks exploit the trust you place in vendors, software providers, and service partners. When SolarWinds, Kaseya, or your critical vendor is compromised, your environment becomes a target. Supply chain exercises test your ability to detect compromise through trusted channels, assess impact when the threat vector is software you installed yourself, and coordinate response with affected vendors and customers.
Common Questions
Do you use real vendor names?
We can use realistic fictional vendors or discuss real incidents like SolarWinds or Kaseya. Real examples resonate because participants remember the news coverage and can relate to affected organizations.
What if we're a software vendor ourselves?
Then it is even more important to practice. We can run scenarios where your software is compromised and you must respond to your customers. The pressure and decisions are different when you're the source, not the victim.
How do you simulate the technical investigation?
We provide IOCs and a discussion of what an investigation would reveal. The exercise focuses on decisions based on investigation findings: if we find X, what do we do? Technical depth is determined by participant roles.
Should we include our software vendors in the exercise?
Advanced organizations do. Joint exercises with critical vendors test coordination and communication during incidents. We can facilitate multi-party exercises when appropriate.