In recognition of National Supply Chain Integrity Month, the Cybersecurity and Infrastructure Security Agency (CISA) is partnering with the Office of the Director of National Intelligence (ODNI), the Department of Defense, and other government and industry partners to promote a call to action for a unified effort by organizations across the country to strengthen global supply chains.
Many lessons were learned in enterprise IT and security teams in 2020, right down to the final weeks of the year with the SolarWinds attack. We closed out a miserable year with a devastating reminder about the danger of third party access and supply chain attacks.
The recent SolarWinds breach has brought vendor risk management into the spotlight. With 59% of data breaches being traced to third-party vendors and the average enterprise having 67 vendors with privileged access, managing third party risk is no longer optional, says Tony Howlett, Chief Information Security Officer (CISO) of SecureLink. Here, we speak to Howlett about why security and risk professionals need to take control of their third-party exposure and implement safeguards and processes to reduce their vulnerability.
The SolarWinds hack is a strong reminder why third-party risk management is so important. Not only was SolarWinds breached, but the hack is now believed to have affected upward of 250 federal agencies and businesses. Here, we speak to Jonathan Ehret, Vice President of Strategy & Risk at RiskRecon, who believes organizations should be asking their vendors about the third-party risk management and cybersecurity policies they have in place to protect against a breach and leak of critical data.
The SolarWinds supply chain attack has, to date, impacted nine government agencies and as many as 100 private sector companies, according to some reports. By the time the full extent of the hack is known, it may be the most widespread security breach on record. But what does this mean for the organizations impacted and is it potentially insurable? In light of the massive cyberattack, we spoke to Seth Rachlin, Executive Vice President and Insurance Lead at Capgemini, to discuss the implications of this attack and the fast-growing cyber insurance market.
In a paper released recently, “An integrated cyber approach to your cloud migration strategy,” Deloitte explores how an integrated cloud-cyber strategy enables organizations to use cyber as a differentiator, and outlines how cybersecurity teams must adapt.
CISA created the COVID-19 Vaccine Distribution Physical Security Measures guidance. This guidance provides a non-comprehensive list of physical security resources available to the public to help facility owners and operators enhance their physical security to protect workers and individuals.
Extension will allow the Task Force to continue its work as outlined in its recently released Year 2 Report and position itself to support the supply chain risk management imperative in 2021
February 9, 2021
The Cybersecurity and Infrastructure Security Agency (CISA) announced a six-month extension of the Information and Communications Technology (ICT) Supply Chain Risk Management Task Force. The Task Force, chaired by CISA and the Information Technology (IT) and Communications Sector Coordinating Councils, is a public-private partnership composed of a diverse range of representatives from large and small private sector organizations charged with identifying challenges and devising workable solutions and recommendations for managing risks to the global ICT supply chain.