Supply chain attacks target the weakest spot in almost every enterprise’s security program: third-party access. The SolarWinds Orion hack was accompanied by forged SAML tokens that provided unauthorized access to enterprise resources without detection. Centrally managing all third-party identities is imperative to centrally managing all third parties’ access. Access certification processes are key to an identity governance program, requiring approvers, sponsors and other certifiers to verify and attest that users have the right access and permissions. This verification process could also lead to detecting a supply chain attack.
Source: https://www.helpnetsecurity.com/2021/04/08/minimize-supply-chain-cyberattacks/

