Cybercriminals exploit trust relationships and compromise the weakest entity in the supply chain. Once the cybercriminal gains access to the supplier’s network, they work their way up the supply chain to the target organization. It may take them months, but they persist until they gain access.