Recent supply chain attacks prompted cybersecurity professionals, under the auspices of Cybersecurity Collaborative, to stand up a task force focused on minimizing third-party risk.
The need for the Third-Party Risk Task Force, which kicked off this week, has been amplified by recent advanced persistent threat attacks that infiltrated corporate and government networks due to security vulnerabilities in the supply chains. One example, discovered last month, was a supply chain attack that trojanized SolarWinds Orion business software updates to distribute malware to multiple global victims.
“The ongoing Russian cyberattacks underscore the importance of third-party risk management to organizational resiliency and national security,” said Parham Eftekhari, senior vice president and executive director of Cybersecurity Collaborative. “That’s why developing tools to defend supply chain networks from nation state actors and cybercriminals is a top priority for cybersecurity leaders.”
The Collaborative’s Third-Party Risk Task Force will explore ways organizations can minimize risks from their supply chain, developing a tool (such as a template of controls or a guiding document) that members can share with partners, suppliers, distributors, and service providers to minimize risk. This task force is open to Collaborative members, who are senior IT security leaders at large U.S. organizations with more than $1 billion in revenue.
In addition to the Third-Party Risk Task Force, the Collaborative announced this week the formation of the Asset Management Task Force, to develop strategies for medium to large U.S. organizations to identify and secure relevant digital assets. The Collaborative does not release the names of participating task force members.
The Cybersecurity Collaborative is a membership community for cybersecurity, privacy, and risk leaders to share best practices that maximize their defense readiness. To find out more, visit www.cyberleadersunite.com.