July 27, 2018
You are about to leave Risk Strategies website and view the content of an external website.
You are leaving risk-strategies.com
By accessing this link, you will be leaving Risk Strategies website and entering a website hosted by another party. Please be advised that you will no longer be subject to, or under the protection of, the privacy and security policies of Risk Strategies website. We encourage you to read and evaluate the privacy and security policies of the site you are entering, which may be different than those of Risk Strategies.
You’re only as strong as your weakest link – and in today’s networked business world that weak link could be anywhere. Another unfortunate reminder of this surfaced recently as a Canadian supplier to major automakers was breached and important data on those clients stolen.
This article in SC Magazine has a good rundown on the apparent facts of the situation.
Although this article emphasizes these breaches as a growing area of concern for manufacturers left exposed by supply chain vulnerabilities, the hack is very reminiscent of the Target breach and many others. The compromise was not due to a deficiency in the larger companies’ networks but due to a breakdown in security protocols of a third party vendor. In this case, Tesla and Volkswagen were completely unaware that a key supply chain partner had failed to adequately secure a key component in their system intended for secure file transfer of proprietary information including trade secrets.
Evaluating your vendor’s data security posture is vital before connecting them to any part of your operations, entrusting them with sensitive information or making your organization reliant on them as part of your supply chain.
Beyond a close security audit and evaluation, having contractual protections to provide an indemnity when an incident happens is ideal, but not always realistic. A properly crafted cyber insurance policy can protect your organization regardless of where your information is being stored or processed; ensuring the financial resiliency needed to weather a supply chain interruption or other business interruption, as well as provide resources for investigation and technical help if needed.
Make sure weak virtual links don't become real liabilities. Connect with us today: cyber@risk-strategies.com
The contents of this article are for general informational purposes only and Risk Strategies Company makes no representation or warranty of any kind, express or implied, regarding the accuracy or completeness of any information contained herein. Any recommendations contained herein are intended to provide insight based on currently available information for consideration and should be vetted against applicable legal and business needs before application to a specific client.