As 2025 comes to an end, there have been some valuable cybersecurity lessons for businesses. These involve vendor oversight, internal coordination, and incident response plans. Businesses should vow to address them in 2026 if they have not done so already.
Cybersecurity vendor gets hacked
One of the more alarming recent developments was the announcement in October of a breach at F5, Inc. – a cybersecurity company. Because of the nature of the business, the breach could affect not only F5 but also its client companies, which F5’s website reportedly says is four out of five Fortune 500 companies. Some federal networks are also potentially affected, according to the news report linked above.
The lesson for businesses is clear: even when you believe you have strong internal controls, you still risk exposure through trusted vendors or software suppliers. Attackers are becoming increasingly sophisticated, using existing tools and credentials to gain access and carry out malicious activities.
To minimize your risk, be sure to consider security, and risk to your supply chain, before you enter into a contract with a vendor. This should be reviewed with IT, procurement, legal,…
