HackerTrans
TopNewTrendsCommentsPastAskShowJobs

VendorManager

no profile record

Submissions

Lessons from Volkswagen Breach

vendormanagementoffice.net
1 points·by VendorManager·5 tahun yang lalu·0 comments

comments

VendorManager
·5 tahun yang lalu·discuss
Disagreements can be draining. I don’t know what are they disagreeing about, however I believe if you research and find facts from authoritative source, people listen to it. Using statistics is another powerful way to show what do the numbers say. If the disagreement is constructive, i prefer that over destructive criticism where nobody wants to learn and try to arrive at a decision.

Try that and let me know if it works.
VendorManager
·5 tahun yang lalu·discuss
[dead]
VendorManager
·5 tahun yang lalu·discuss
http://www.vendormanagementoffice.net

I am working on spreading awareness about a robust Technology Vendor Management program. This is an area that lacked focus and is very important for company of any size.

Whether you are a startup or a large organization trying to sell something that involves technology, or whether you are on the purchase side of the table, both parties need to understand the nuances. Why are few things important to a client such as your SOC 2 report, ISO27001 report, why is the client asking for regular governance cadence to discuss SLAs, what is the risk, why are vendor’s security controls important Etc.

I am getting amazing response from people in Technology, Procurement, Third Party Risk Management and Cyber Security for a common place to consume information.

I hope the momentum continues.
VendorManager
·5 tahun yang lalu·discuss
Getting talent from external vendors is complicated. There are various factors. First consideration i’d have would be whether they are working remotely or from an office. How do they protect my information. If the contractor works remotely from home with minimum security controls, then that’s a red flag for me.

Managing vendors is time consuming activity, but every company must have a vendor management office.

http://www.vendormanagementoffice.net
VendorManager
·5 tahun yang lalu·discuss
A very well written article with tons of useful information. Thanks for sharing.

However most of it still applies to other vendors who have access to your data that needs to be protected. Companies need a robust vendor management program that reviews vendor compliance regularly.

Volkswagen breach is the best example of ignoring whether your vendor has sufficient security controls.

http://www.vendormanagementoffice.net/2021/06/lessons-from-v...
VendorManager
·5 tahun yang lalu·discuss
Companies should focus on patching their end points and their vendor’s systems as well. So many companies have not upgraded /patched their systems even after the vulnerability was disclosed.

Why should you patch? Read below..

http://www.vendormanagementoffice.net/2021/05/why-should-tec...
VendorManager
·5 tahun yang lalu·discuss
Bitcoin is a hacker’s favourite choice for ransom demand due to lack of regulatory oversight and control as the legal tender has. KYC and other rules need to be implemented on crypto currency too.

Read more here:

http://www.vendormanagementoffice.net/2021/06/us-recovers-mi...
VendorManager
·5 tahun yang lalu·discuss
Backups and disaster recovery sites are definitely important from business continuity perspective, but there is a bigger risk of leaking PII and other sensitive information such as SIN / Social security numbers if the software vendor has access to it. Your business might be able to recover from backup if the hacker has not encrypted it, but the hacker for sure will be maliciously using the PII information to send phishing emails.
VendorManager
·5 tahun yang lalu·discuss
The insurance cost is increasing due to rising ransomware attacks. This is causing a lot of stress within insurance companies and insured companies. An HBR post cited that this is a new niche for insurance companies and 5 big ransom demands can wipe out the insurance premium they collected from 250 customers.

Relevant analysis here:

http://www.vendormanagementoffice.net/2021/06/cyber-insuranc...