The recent news regarding the major cyber security breach impacting federal agencies and Fortune 500 companies is alarming. How can the U.S., with all of its security measures and countermeasures, still find itself a victim to what appears to be a foreign-led cyber hack? While experts are investigating the complex circumstances around this breach, initial reports indicate a vulnerability identified in the third-party supply chain of a key commercial contractor.
That’s a wake-up call to big business and prime contractors that it’s time to quit giving lip service to your third-party risk-management program and work with small business supply chain vendors to help them achieve a necessary level of security. It’s time to move beyond compliance-based programs alone. While regulatory compliance is important, it does not equal security.
Only time will tell the full extent of the damage from the federal agency infiltration. But there is an early lesson to be learned — if one of the most sophisticated cybersecurity systems in the world can be breached, then aren’t we, as individuals, businesses and institutions, just as vulnerable?
It might be easy to distance…
