Avoiding a SolarWinds in Your Business
The following excerpt is part of a series of blog posts on topics that will be discussed at the NCBA Privacy and Data Security Section Annual CLE. If you are interested in learning more, then please join us. Register for the program here.
Historically, entities have looked at cybersecurity as a process of hardening their own defenses against more traditional attack vectors. However, recent attacks against suppliers, such as SolarWinds, Kaseya, Microsoft and others, have made headlines for the cascading effects of their data breaches. These attacks against supply chains, third party vendors, business associates, or any other trusted third party can have devastating impacts on downstream customers and clients. We’ve arrived at a time when having strong technical controls and processes for your networks and systems, while critical, may not sufficiently protect an organization’s interests. Legal protections from a vendor management program are needed as well. And the stakes are high for organizations looking to manage cyber risk: the most recent study by the Ponemon Institute found that the average cost of a data breach in the USA was over $8 million. While this sounds like an astronomical amount, even the smallest clients can easily reach this amount considering that the same study found that the per-record cost of a data breach was a tad under $150, meaning, a breach with even 1000 records could have all-in costs in the six figures.
During the CLE, attendees will learn about common sticking points in negotiations with suppliers, practical tips on developing a third-party risk management program, and frameworks used by governments and other organizations for managing those risks.