Third-party vulnerabilities are the silent but deadly cybersecurity threat. They can impact an organization without any way for it to know it’s at risk. Take the SolarWinds incident from December 2020 as a prime example: a single vulnerability in SolarWinds’s servers had a trickle-down effect that impacted thousands of unsuspecting customers, including multiple government agencies and numerous global enterprises.
Bob Pacheco is Managing Partner and leads the Governance, Risk and Compliance (GRC) practice at Mission Cyber Group. For nearly 20 years he has worked with a wide range of organizations — including the NFL, PGA, state entities, and Fortune 100 companies — to address third-party vulnerabilities like the one from the SolarWinds breach. Pacheco spoke with IT Business Edge about what enterprises should know about preventing third-party risks.
Jump to:
The Nuance of Risk Management
The SolarWinds attack is only one of the most recent examples of a worst-case risk management scenario. With all of these incidents, most of the focus of the follow-up and analysis is on the technical issues at hand. What was the root cause of the breach? What…
