“A big lesson for us was about due diligence,” he says. “When companies do mergers and acquisitions, most of the due diligence is around financials, maybe legal risks, or intellectual property. But I don’t see companies focusing too much on cybersecurity in terms of digging deeper into whether the company has a breach. This certainly changed our process. If we had focused on it during due diligence I’m sure we would have been able to find at least some indication.”

https://www.wired.com/story/inside-the-unnerving-supply-chain-attack-that-corrupted-ccleaner/