Supply chain dependencies: Have you checked your blind spot?

This report examines cyber supply chain risks, using high-impact historical incidents (e.g., 3CX, NotPetya, JLR, M&S) and vulnerabilities (Kr00k, faulty updates) to illustrate how third-party compromise or faulty vendor releases can cascade across industries; it outlines common blind spots, geopolitical supply chain concerns, and a prioritized one-year program of vendor risk management, zero trust adoption, monitoring, and incident response exercises to improve resilience.