Why procurement may be the biggest gateway to an enterprise cyber breach

Posted on March 17, 2024



Here are excerpts from an April 2010 article in which I interviewed one of the industry’s top cybersecurity experts, Richard Stiennon – How Vulnerable Are We To A Cyberattack? – https://bit.ly/3TlEVkr

✳ Based on the above conclusions, Stiennon suggests that the best way to deal with the threat of a cyberattack is using economic levers as the primary deterrent mechanism “by increasing the costs for the attackers through the improvement of defenses.”

Karen S. Evans, former federal CIO under the Bush administration, called for a “focus on continuous monitoring and situational awareness by creating an early-warning system that could sniff out attacks.”

Here is an excerpt from an August 2023 article “How many times would you (or have you) bypass company policy to get the job done?” – https://bit.ly/3NnOXiB

✳ “74% of employees said they would bypass cybersecurity guidance if it helped them or their team achieve a business objective.” – Help Net Security (February 2023)

There is a famous Pogo cartoon in which the character, looking into a mirror, proclaims, “We have met the enemy, and he is us.” Based on the above excerpts from 2010 and 2024, what does it say about cybersecurity and risk?

Who is the “Us”?

“Third-party risk is any risk brought on to an organization by external parties in its ecosystem or supply chain. Such parties may include vendors, suppliers, partners, contractors, or service providers, who have access to internal company or customer data, systems, processes, or other privileged information.” – UpGuard

Supply chain attack: being wary of third-party providers – Dec 6, 2017 — There is no end to major cyber breaches that were caused by suppliers. The 2014 Target breach was caused by lax security at an HVAC vendor. This …

As supply chains get tech savvy, is cybersecurity keeping … – Apr 16, 2019 — Third-party service providers and vendors that have virtual access to information systems. Compromised hardware and software. Software …

Third-party attacks spike as attackers target software … – Aug 22, 2022 — Some supply-chain attacks are highly targeted against a specific organization while others are random, leading attackers to potential secondary …

Third-Party Breaches: Risk in the Supply Chain – Resilience – Oct 18, 2023 — According to CrowdStrike, 84% of leaders believe that software supply chain attacks could become one of the biggest cyber threats to organizations like …

Why do we need to “Dwell” on this problem?

As a procurement professional, do you know what dwell time is?

As “The Owner” of supplier relationships, you should – make that “have to” – know what it means and the impact it will have on your organization.
