In a season whose biggest news story was supposed to be the joy of a Hot Vax Summer, what we’ve gotten instead is panic due to a hacked oil pipeline, fear of a food shortage due to an attack on a meat processor, and an infiltration of IT networks via ransomware.
The Hot Vax Summer has quickly turned into the Hot Lax Summer for those worried about cybersecurity.
What the recent attacks on Colonial Pipeline, JBS, and Kaseya teach us is that no industry is immune to cyber attacks. More importantly, it demonstrates very vividly in a very short window of time that even companies we’ve never heard of can have a large impact on our own lives and businesses.
TPRM, or Third Party Risk Management (also known as VRM, vendor risk management), deals explicitly with this issue: few companies ever exist alone. From sourcing the sugar in your Starbucks coffee to supplying the sheets to your local hospital, vendors are a central part of a connected world. And with connections come vulnerabilities. It’s one reason why we think educating your company about vendor security is more important than ever.
Is it time to panic?
But do these attacks indicate that it’s time for all of us to worry? According to LinkedIn co-founder and Greylock Partner Reid Hoffman, the answer is a resounding yes. In a recent interview with CNBC, Hoffman states, “However terrified you are about cybersecurity, you’re probably not terrified enough.” He goes on to cite increased reliance on digital technologies and global actors (including state-sponsored hacking groups) as a reason for companies to be concerned about risk management.
However, he also sees reason for optimism in the COVID-inspired move to work remotely or in hybrid settings. Not only are individuals typically more aware of their own security risks in a home setting, they’re also not necessarily bringing in external threats directly to the company (Reid cites the example of an employee bringing in an infected USB drive and plugging it into office machines in a traditional work setting.)
The result is that Reid sees cybersecurity as an investment opportunity as much as a threat for companies. Coalition CEO Joshua Matta, for instance, shared similar insight when discussing how cybersecurity insurance might be an increased business opportunity and necessity.
Securing every link in your chain
As we recently discussed in our post-mortem of the Kaseya attack, cyberattacks teach us the importance of securing our digital networks, particularly when those networks form the supply chain that we rely on to do business.
The same is true for every business regardless if it deals directly with traditional supply chains or not. Suppliers and vendors represent risk that companies need to understand and manage at every point of the business relationship: before and during engagement.
While cyberattacks can’t necessarily be predicted and prevented with certainty, there are very basic steps that every company can take to ensure that they’ve done their due diligence on mitigating inherent risks. The first, and most important, is to maintain updated, reputable, and accessible security assessment information to make the best decisions for their business with each new relationship.
Fortunately, this is our entire approach to cybersecurity, and we can help enterprise companies who solicit vendors, and equally we can help third party vendors who regularly respond to security requests. In our opinion, cementing these relationships early in engagement is the single best way to avoid future fall-out from inevitable cyber attacks.
We can help your company get back to its Hot Vax Summer