First published on If the security community learned anything from the SolarWinds cyberattack, it was that threat actors do a better job assessing where to find vulnerabilities than cybersecurity teams do at assessing risk. This was a supply chain attack, where one company was hacked in order to bring chaos to other, often bigger, businesses. In this case, a network management software program was compromised, which allowed hackers to gain access to the email systems of government agencies and wreak havoc against the systems of large tech firms like FireEye and Microsoft. Even though there is greater awareness of the weaknesses in the network management supply chain due to the SolarWinds attack, organizations are 82% more likely to suffer a similar attack through a vendor email compromise, according to research conducted by Abnormal Security.