Today’s columnists, Pascal Geenens and Daniel Smith of Radware, say that while the SolarWinds case brought supply-chain attacks into the limelight, they are not new and security teams must finally manage them more effectively.
Nobody likes a new standard, said TIA CEO David Stehlin. But with security concerns tied to Huawei and SolarWinds still fresh, government and businesses alike need assurance that industry is addressing the problem.
If ransomware and data exfiltration attacks that targeted hospitals and vaccine researchers during the pandemic signaled a cyber hygiene crisis in health care, the SolarWinds supply chain attack demonstrated just how deep the problem goes.
As companies scramble to assess their own vulnerability amid the wave of supply chain attacks in recent months, law firms find themselves doing double duty: providing complex legal support to clients, and assessing internal safeguards to ensure they themselves practice what they preach.
There is no rule mandating a company to disclose a breach to the federal government, even when national security is a concern. That could change, however. In the words of Microsoft President Brad Smith, “this is about moving information fast, to the right place, so it can be put to good use.”
Sachin Bansal, general counsel at SecurityScorecard, spoke with SC Media about ratings, and how they can be used to strengthen the supply chain and determine cyber insurance premiums.
And would any water treatment facility judge the calculus differently – revert dollars from elsewhere perhaps – had they known such a cyber incident was coming? Even that is hard to say. We don’t know what would be sacrificed by that trade-off.
Today’s columnist, Mary Braunwarth of NetSPI, notes that falling short on regulatory requirements can put companies on the hook for hefty fines, such as in the case of Citibank, which was fined $400 million by the U.S. Treasury Department.
Organizations operate in networks that on average include 1,409 vendors. Combine that with limited resources, and supply chain security can seem an oxymoron.
The Third-Party Risk Task Force will explore ways organizations can minimize risks from their supply chain.
