Yet another reminder of the importance of Third-party Cyber Risk Management: https://cybersecuritynews.com/starbucks-hit-by-ransomware-attack/ #tprm #tpcrm #cyber #security #risk #management
It is worth pointing out that there are no shortcuts on how to manage the security of third parties. Blue Yonder, the third party involved in this incident, boasts having SOC 2 Type II and ISO 27001 certifications. They surely answered all of the different self-assessment questionnaires they received to their customers' satisfaction. Their security ratings scores were certainly acceptable when they were brought on as vendors.
And I know none of those things are strict guarantors of perfect security. Even companies that are mostly doing things well can be compromised. But at the same time, we need to wake up as an industry to the fact that the existing TPCRM practices are failing to protect us.
We need to work together to do better, go beyond the illusion of risk avoidance and risk transfer, and actually manage and mitigate third-party cyber risk.