Understanding third-party hacks in the aftermath of the SolarWinds breach
In the aftermath of the SolarWinds hack, any update that you provide to your colleagues, bosses, and even the board of directors may need to convey a better understanding of third-party hacks.
Any such update that you provide on SolarWinds should certainly cover whether or not your organization is one of the 300,000 SolarWinds customers and whether or not you were one of the 18,000 or so that were using the specific version of Orion that was hacked.
The SolarWinds hack is just one example of a third-party, supply chain compromise.
While the scale of the SolarWinds hack is certainly novel, third-party compromises are not.
Third-party supply chain compromises have been happening for years, and most organizations need an appropriately staffed and funded sub-team focused on vetting their third parties and contractually obligating them to improve their security as needed to match nation-state threats.
Educate your colleagues, peers, and managers about third-party risks holistically, providing an understanding of the many types of third-party risks that can occur.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/1Ojk98zAuek/