Amid the many millions of words written about the SolarWinds breach that continues to affect tens of thousands of organizations, either directly or indirectly, a word that has cropped up several times is “inevitable.” An inevitability of a cyber breach of some description or another is statistically a certainty that many organizations try to forget. A cybersecurity adage states that it’s not if it will happen; it’s when it will. The sophisticated hack, where a compromised software update from IT monitoring company SolarWinds resulted in nine federal agencies and 100 private companies being accessed, was always a possibility.
Astute decision-makers in organizations are cognizant of this fact of life and are also aware that with the greater number of suppliers or third parties with whom they — and their technology stack — interact, comes the greater the risk to the core enterprise. The SolarWinds event made the headlines because the company was along the supply chains of many large organizations, and so a single instance of malware affected many, many companies and public institutions.
The proper assessment of the risk profile of the often thousands of third parties…
