Cyber resilience: A business imperative CISOs must get right
May 16, 2024 – Published on CSO Online
With ransomware at an all-time high, companies need to understand that being cyber resilient means going beyond compliance to considering all aspects of a business, from operational continuity to software supply chain security.
Accepting the inevitability of a breach could help companies become more cyber resilient than they are today. All too often, organizations view resilience as a box-ticking exercise for regulators, failing to equip their CISOs with everything they need to truly bounce back after an attack.
Unfortunately, analyzing the software supply chain often falls under that category, remaining an underdiscussed aspect of cyber resilience.
Organizations should conduct thorough penetration tests and risk assessments of their supply chains, implement cybersecurity requirements for vendors, and establish contingency plans to mitigate the impact of supply chain disruptions on their operations.
When looking at a potential vendor, especially one that will be connecting to a company’s private network, security leaders must ensure that contracts or master service agreements (MSAs) are very specific about overall resilience, both cyber and business, says Bobby Williams, business continuity team lead at GuidePoint Security.
“A vendor should be contractually responsible for defined business continuity, disaster recovery, and information security programs,” Williams adds. “A defined testing program to demonstrate the vendor’s resilience should be in the contract, and the test results should be available for the company to review.”
Read More HERE.