An appropriate response
In recent months we have seen several high-profile notifications of security vulnerabilities by leading vendors. The SolarWinds hack and the latest Cisco vulnerability raise some interesting questions. Mandated breach and vulnerability notifications mean these incidents go beyond good customer service or corporate citizenship. One of the reasons companies choose solutions from tech giants is the implied security of products and services backed by millions, if not billions, in R&D. Users are justifiably concerned about what this means for the security of their systems and data.
In reality, the majority of customers will not react in a knee-jerk fashion and move to rip out the systems in question. It’s unlikely that the budget is immediately available, and doing so doesn’t make sense from a technical or operational perspective. So, how can you protect your business against these issues and any potential impact on your infrastructure? How should you judge your suppliers in the light of similar events?
In our experience, not panicking is the best option. Work closely with your strategic partner (service provider) to understand the impact of any disclosed vulnerability on your environment. Develop a clear plan for mitigating, or eliminating, risk.
At this point it is vital that you have a strong relationship with both your systems integrator and your vendor. It will help you truly understand the impact of the vulnerability and cut through the fog of media hysteria that often accompanies system security notifications. If you can gain access to senior architects across all areas of your supply chain, you’ll be in a good position to respond appropriately. Remember to respond, not simply react. A rapid response will allow you to mitigate risk without major disruption to your business.
A trusted advisor
What happens if your service provider or systems integrator says they can’t help, or they can’t provide the right level of access to vendor resources? We appreciate that hindsight can be 20:20 when it comes to cyber-security, but it is important to consider whether your current technology partners, or those that you are considering future engagements with, are able to provide the right level of response.
A proactive approach is best. It’s better that you hear about a potential vulnerability from your service provider than read about it in the headlines. An experienced incident response team should provide access to the right resource at the right time. Above all, you’re looking for honesty and open lines of communication.
Trust is the foundation of many relationships, and it’s no different when it comes to your IT supply chain. The continued success of your IT projects, and the ongoing management of your IT environment, are dependent upon the ability to engage regularly, and honestly, at the right level. If you trust your partners, it can save a lot of pain and uncertainty when confronted with a major vulnerability.
Are you concerned about vulnerabilities in your existing environment, or how your existing partners and vendors might respond to future vulnerabilities?
If you would like to have a confidential conversation to discuss your options, contact one of our network security experts today. Call us on +44 (0)20 7749 0800 or email firstname.lastname@example.org.