The need for the Third-Party Risk Task Force has been amplified by recent attacks that infiltrated corporate and government networks by way of the SolarWinds Orion business software. (Stephen Foskett/CC BY-NC-SA 2.0)
Recent supply chain attacks prompted cybersecurity professionals, under the auspices of Cybersecurity Collaborative, to stand up a task force focused on minimizing third-party risk.
The need for the Third-Party Risk Task Force, which kicked off this week, has been amplified by recent advanced persistent threat attacks that infiltrated corporate and government networks, due to security vulnerabilities in the supply chains. One example, discovered last month, was a supply chain attack that trojanized SolarWinds Orion business software updates to distribute malware to multiple global victims.
“The ongoing Russian cyberattacks underscore the importance of third-party risk management to organizational resiliency and national security,” said Parham Eftekhari, senior vice president and executive director of Cybersecurity Collaborative. “That’s why developing tools to defend supply chain networks from nation state actors and cybercriminals is a top priority for cybersecurity leaders.”
The Collaborative’s Third-Party Risk Task Force will explore ways organizations can minimize risks from their supply chain, developing a tool (such as a template of controls or a guiding document) that members can share with partners, suppliers, distributors, and service providers to minimize risk. This task force is open to Collaborative member chief information security officers and other cybersecurity executives at large U.S. organizations with more than $1 billion in revenue. The Collaborative does not release the names of part ..