Another colossal cyber-attack on the global supply chain took place this month, which saw over 1,500 businesses infected with ransomware via a breach of a third-party vendor, Kaseya. The breach comes on the heels of other large-scale supply chain attacks against SolarWinds, Microsoft, and other major third-party vendors.
This brings critical questions to the forefront for our industry: who is accountable for supply chain breaches and who owns the risk?
In this CyberPHIx episode, we attempt to answer these questions during this engaging podcast interview with Eric Zematis, Chief Information Security Officer for Lehigh University.
Eric discusses approaches for managing liability for supply chain attacks including business accountability and communication, cyber liability insurance, third-party vendor obligations, and government intervention.
Highlights of the discussion include:
- Managing and communicating third party risk with the business
- Accountability for the business in oversight and management of vendor risk
- The history and evolution of cyber liability insurance
- Cyber liability policies and coverage considerations
- Supply chain vendor accountability before, during, and after breach events
- Government accountability and roles in combatting supply chain cyber attacks
- Standards organizations and resources for managing supply chain risks