The 2017 M.E. Docs cyberattack that crippled hundreds of companies crafted blueprints for hijacking a vendor by targeting and attacking clients through trusted vendor partners. These events herald a new generation of supply chain-based attacks that pit vendor and client against each other as they struggle to navigate co-managed risk mitigation and the resulting consumer, regulatory and legal backlash.
In 2018, eSentire detected and mitigated an exploit that targeted a key remote administration tool relied upon by a multitude of managed security service firms. This exploit was used to deliver a dangerous payload to their client base. In this talk, Mark Sangster will provide frameworks for assessing your vendors' cyber resilience and discuss building a trusted supply chain through co-managed cybersecurity programs, open communication and event notification, and proactive contractual obligations.