Third-Party Risks: Mitigation Techniques and Rewriting Policies
Thanks to the SolarWinds incident, 2021 brought the focus back on third-party risks.
The third-party risk is not a new phenomenon worldwide. The ransomware attack made on Saudi Arabia’s oil giant Saudi Aramco involving a $50 million ransom which likely came from one of its third-party contractors, stands testimony to this. The attackers stole 1TB of data, including company information, customer invoices, and extensive employee profiles complete with PII data.
What are the lessons learned from such attacks despite practitioners taking due diligence that helps reduce the potential for third-party risks? The panel will deliberate on the modus operandi of such attacks and risk mitigation techniques.
The panelists will:
- Walk us through the attack scenarios
- Talk about the lessons learned from such ransomware attacks
- Tell us how to rewrite the security policies in aligning with third-party suppliers