
Lessons from the SolarWinds Hack: A CISO's Approach

CyberEdBoard executive member Mario Demarillas speaks as a guest panelist at the ISMG SEA Virtual Cybersecurity Summit
Mario Demarillas of Exceture Inc. (left), Phoram Mehta of PayPal APAC (middle), Venkatesh Subramaniam of Olam International (right)

The widely reported SolarWinds hack, the supply chain attack that implanted a backdoor in the Orion network monitoring software pushed to 18,000 of the firm's customers, is considered to be potentially the most significant intrusion in our history.


The campaign's full scale, including all of the tactics, techniques and procedures used by the attackers, remains unknown, which has left most enterprises across the regions in a state of shock.

What lessons do CISOs need to learn from this attack? Do you have a process to evaluate your vendor's security policies and frameworks?

The panel will discuss:

  • How the risk framework for supply chain vendors should evolve;
  • The risks posed by different kinds of vendors;
  • Defining a security-by-design approach while evaluating third-party products.

About the Author

Information Security Media Group

Information Security Media Group (ISMG) is the world's largest media company devoted to information security and risk management. Each of its 37 media sites provides relevant education, research and news that is specifically tailored to key vertical sectors including banking, healthcare and the public sector; geographies from North America to Southeast Asia; and topics such as data breach prevention, cyber risk assessment and fraud. Its yearly global summit series connects senior security professionals with industry thought leaders to find actionable solutions for pressing cybersecurity challenges.
