You’re only as strong as your weakest link – and in today’s networked business world that weak link could be anywhere. Another unfortunate reminder of this surfaced recently as a Canadian supplier to major automakers was breached and important data on those clients stolen.
This article in SC Magazine has a good rundown on the apparent facts of the situation.
Although this article emphasizes these breaches as a growing area of concern for manufacturers left exposed by supply chain vulnerabilities, the hack is very reminiscent of the Target breach and many others. The compromise was not due to a deficiency in the larger companies’ networks but due to a breakdown in security protocols of a third party vendor. In this case, Tesla and Volkswagen were completely unaware that a key supply chain partner had failed to adequately secure a key component in their system intended for secure file transfer of proprietary information including trade secrets.
Evaluating your vendor’s data security posture is vital before connecting them to any part of your operations, entrusting them with sensitive information or making your organization reliant on them as part of your supply chain.
Beyond a close security audit and evaluation, having contractual protections to provide an indemnity when an incident happens is ideal, but not always realistic. A properly crafted cyber insurance policy can protect your organization regardless of where your information is being stored or processed; ensuring the financial resiliency needed to weather a supply chain interruption or other business interruption, as well as provide resources for investigation and technical help if needed.
Make sure weak virtual links don't become real liabilities. Connect with us today: firstname.lastname@example.org
The contents of this article are for general informational purposes only and Risk Strategies Company makes no representation or warranty of any kind, express or implied, regarding the accuracy or completeness of any information contained herein. Any recommendations contained herein are intended to provide insight based on currently available information for consideration and should be vetted against applicable legal and business needs before application to a specific client.