Inside the unnerving supply chain attack that corrupted CCleaner

“A big lesson for us was about due diligence,” he says. “When companies do mergers and acquisitions, most of the due diligence is around financials, maybe legal risks, or intellectual property. But I don’t see companies focusing too much on cybersecurity in terms of digging deeper into whether the company has a breach. This certainly changed our process. If we had focused on it during due diligence I’m sure we would have been able to find at least some indication.”

https://www.wired.com/story/inside-the-unnerving-supply-chain-attack-that-corrupted-ccleaner/

GDPR: Security

“A good starting point is to make sure that you’re in line with the requirements of Cyber Essentials – a government scheme that includes a set of basic technical controls you can put in place relatively easily.”

https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/security/