| |

When Cyber Risk meets Third-party Risk

“AT&T confirmed yesterday that the company experienced a massive data breach in which an unknown entity stole phone records from almost all of its nearly 110 million customers. The telecommunications giant discovered the breach in April and started an investigation. It found that the hacker accessed the data through an illegal download that targeted a third-party app called Snowflake, which also manages data for other big-name companies like Ticketmaster.” …..N.Y Times News..

Questions to consider:

  • Have you or your organization (like so many others) raised your hand (in surrender) and said, “It’s not if but when we will be hacked”?
  • How are you then preparing to react to “your” inevitability of being hacked? (think response, adaptability, resilience, BCP)
  • How effective are your internal processes (IT and Operations) to make your organization less vulnerable/a hard target?
  • Do you have a robust vendor (third party) risk assessment process?
  • What questions are you not asking as it relates to cybersecurity?

Note to self: If you can’t think it, you can’t act on it.

Let’s think differently and be more proactive, anticipatory, and resilient out there.

Similar Posts

|

The Paria diving Disaster: “Pre Motems” are much better that “Post Mortems”

ByKen Hackshaw

Condolences to the family, friends, and colleagues of those who lost their lives in this catastrophe. The best way for the leaders of these institutions to honor those lives lost is not by talking but by acting. There is a maxim that says: “the uninspected usually deteriorates”. There are risks and hazards (and they are not always the same) that may…

|

Managing Cybersecurity Risks: The Value of Enterprise Risk Management

ByKen Hackshaw

“The Office of the Attorney General and Ministry of Legal Affairs (AGLA) (Trinidad and Tobago) has detected a cyber-attack on its network. In a media release yesterday, The Ministry of Digital Transformation said that “This unauthorized and illegal access has negatively impacted operations at the AGLA and certain associated Divisions. Having taken actions to minimize…

Risk Should Force Heightened Management Awareness, but does it?

ByNM Lewis

Hello folks, I am stating the obvious when I say that compliance and assurance are entirely different endeavors from Risk Management: Strategic risk assessments, as part of an effective ERM framework,  are critical to preempting risks and preventing unfortunate events from occurring in the first place. Organizations can proactively mitigate potential risks/threats by focusing on strategic risk and ensuring they achieve their corporate…

|

Global Cyber Breach: The Need to Manage Vendor Risks, People Risks and More…

ByKen Hackshaw

Several US federal government agencies have been hit in a global cyberattack by Russian cybercriminals that exploits a vulnerability in widely used software, according to a top US cybersecurity agency. Aside from US government agencies, “several hundred” companies and organizations in the US could be affected by the hacking spree, (according to a CNN report). Since late last month,…

|

Why are there no EXISTING Operational or ERM Risk Professionals Included?

ByKen Hackshaw

Fellow colleagues, Please check the link below and share your thoughts/answers to my questions below.This is not meant to be controversial nor am I casting any aspersions and with the greatest respect to the speakers, why aren’t any CURRENT and practicing Operational or ERM risk professionals on the list of speakers, as best as I…

|

Leadership and Accountability Case Study: People Risk Management

ByKen Hackshaw

Demonstrating the management ethos that contributed to his recent induction as a Fellow of the Caribbean Risk Management Academy, the Minister of Public Utilities in Trinidad and Tobago identifies and prepares to act regarding the people risks at the organizations within his portfolio. Visit the website to read the full story published in the Trinidad…