When Cyber Risk meets Third-party Risk
“AT&T confirmed yesterday that the company experienced a massive data breach in which an unknown entity stole phone records from almost all of its nearly 110 million customers. The telecommunications giant discovered the breach in April and started an investigation. It found that the hacker accessed the data through an illegal download that targeted a third-party app called Snowflake, which also manages data for other big-name companies like Ticketmaster.” (N.Y. Times News)
Questions to consider:
- Have you or your organization (like so many others) raised your hand (in surrender) and said, “It’s not if but when we will be hacked”?
- How are you then preparing to react to “your” inevitability of being hacked? (think response, adaptability, resilience, BCP)
- How effective are your internal processes (IT and Operations) at making your organization less vulnerable, a hard target?
- Do you have a robust vendor (third party) risk assessment process?
- What questions are you not asking as they relate to cybersecurity?
Note to self: If you can’t think it, you can’t act on it.
Let’s think differently and be more proactive, anticipatory, and resilient out there.