Knowing who to mix with, and how, in the digital cookie jar is becoming imperative. Expect to hear more talk of third-party cyber risk contamination. As more firms mix suppliers and platforms in the digital candy jar, the greater the chance they have of catching a digital infection or, worse, facing an attack. In this post, I thought it may be of interest to you and your clients to dig into SolarWinds, one of the most recent and high-profile digital supplier-initiated attacks. Why? Because we all depend on big enterprises to provide us with services or revenue. I’d say nearly every business is connected to at least one cloud-based application – just think email, your customer management system, etc.
SolarWinds is a global IT service provider to governments, defence contractors and others in the private sector. It suffered a security breach. The incident became public after FireEye, a leading cyber security firm and a SolarWinds client, confirmed it had been attacked as a result of a compromised SolarWinds product it used for network monitoring.
The SolarWinds hack also showed the impact of a cyber hack on a company’s share value. Canada’s largest pension fund lost $100 million as a result of the hack. It had even invested in SolarWinds two weeks before the hack was disclosed!
We asked business owners how exposed they felt to a business-critical supplier or platform passing on a virus that infected them. How much financial and business trauma would that cause? How long could they operate without access to their website, email or cloud-based operating platforms? Faces dropped. How do they know who they can trust?
You can insure against your connected third parties getting hacked? Really? Few figured they could insure against this risk. Cyberboxx 2.0 includes Contingent Business Interruption as standard. Contingent business interruption insurance and contingent extra expense coverage reimburse lost profits and extra expenses resulting from an interruption of business at the premises of a customer or supplier. It’s a section of coverage that needs to get talked about more.
Finally, have you heard about doxing attacks? Doxing attacks are where ransomware gangs threaten to publish stolen data and follow through if their demands are not met. This is also evolving into a supply-chain issue, as shown by the incident at the cloud software provider Blackbaud. Blackbaud thwarted an intended ransomware attack, but not before the hackers were able to exfiltrate a copy of its clients’ data. Affected Blackbaud clients included scores of Canadian charities, and the data involved was sensitive, including donor records.
Whilst digital supplier risk brings a new set of exposures, remember that 2021 is the Year of the Ox. Its core element is earth, representing “stability and nourishment”, and I hope you and your clients benefit from these positive characteristics as well as business growth and success.