Digitalization is now pervasive in the fabric of business, government and society, and with this comes increased cyber risk. Recent incidents such as SolarWinds have brought greater attention to the risk of mass scale breaches stemming from attacks against the ICT supply chain. As our traditional security defences have improved, persistent threat actors are moving upstream to compromise trusted ICT products and services with the aim of burying exploits inside enterprise and critical infrastructure. This session will examine key ICT supply chain threats, how developers and suppliers are strengthening defences, and steps small and large enterprises can take to better safeguard their networks.