Cybersafetyconnections December 19, 2022, vol#97
- Data breaches/cyberattacks can come from supply chain attacks, an example being SolarWinds.
- Risk Assessment is therefore important for the supply chain network.
- It is important to take inventory of the software parts from suppliers to reduce the chances of a data breach.
Supply Chain data breaches
There have been instances of cyberattacks/data breaches that resulted from vulnerabilities in third-party vendors and partners’ ecosystem cybersecurity. An example is the SolarWinds data breach.-Wikipedia. The SolarWinds data breach resulted from a supply chain attack on Microsoft Cloud Services as well as a Supply chain attack on SolarWinds Orion software widely used by the government and industry.
Third-Party risk assessment
Forbes Magazine 5 Cybersecurity Strategies For A Riskier World recommends third-party vendors/partners risk assessment using questionnaires and technical testing. Scenario testing is recommended as well to prepare for possible courses of action should there be supply chain disruptions that could impact business continuity.
Last week the blog discussed the need for business continuity, incidence response plans, and disaster recovery for the enterprise as a whole not just for third parties and partners.
Over 4 years ago I interviewed for an accounting position with a company in the suburbs where I lived at that time, called Fusion Risk Management which automated third-party risk management. Even though I never got the job, I was impressed by the automation of third-party risk management. I am in no way advocating for their service or paid to recommend their services.
Inventory of software
Forbes Magazine 5 Cybersecurity Strategies For A Riskier World mention that a software Bill of materials (SBOM) that provides an inventory of all software parts for a vendor service would be beneficial to help examine vendor weaknesses and reduce third-party risks.
Subscribe to get the latest post.