IT Essentials: Clip-clopping towards disaster

Supply chain attacks remain the industry's dirty secret

2017 was very much 'the year of ransomware'. WannaCry was the herald, and NotPetya the main event - at least where companies like Maersk were concerned.

It was an exciting time to enter the IT world (I joined Computing the Monday after WannaCry, and wondered why everyone I talked to looked frazzled), but it drove home the vulnerability - and resilience - of the world's infrastructure.

Six years on and nothing has changed. This week's attack by the Clop gang, targeting MOVEit, is just the latest in a series of supply chain attacks. Magecart, SolarWinds, Kaseya, Exchange Server, 3CX - the list goes on.

If anything, the problem has only got worse. Software continues to eat the world. Popular tools might be used in hundreds of thousands of organisations, and compromising just one affects millions of lives.

There is no easy solution; the world is addicted to cheap software. Regulating it is expensive and only viable in the long term; SBOMs need industry buy-in; and a global chain of trust with an agreed set of tools and practices, while a lofty goal, is years away.

Leading leaders

On a more positive note, we launched our annual IT Leaders 100 list this week, recognising the UK's most influential and inspirational IT heads.

These are the people really beating a path for the rest of the industry to follow, both technologically and culturally. They display great innovation and are skilled at bringing IT and business together.

As an addition to the list this year, we also gave equal weight to entrants' ESG efforts. Whether it was charitable, environmental or diversity-related, this work helped 2023's IT leaders to stand out in a crowded market of brilliance.

Weekend reading

Check out John Leonard's interesting read on SAP's green efforts, and his examination of IT leaders' plans for DevOps rationalisation.