Unlock

This content is not available with your current subscription.

Your current Info-Tech Research Group subscription does not include access to this content. Contact your account representative to learn more about gaining access to Government.

Contact Your Representative
or Call: 1-888-670-8889 (US) or 1-844-618-3192 (CAN)

The NotPetya Ransomware Attack: A Lesson in Vendor Risk

Date published:

09/12/2017

The recent NotPetya ransomware attack has garnered international attention as another large-scale ransomware attack with a global impact. While this was far from the typical malware, much focus of the response to NotPetya has been in terms of the cybersecurity lessons learned and much less attention has been placed on the angle of vendor risk and extreme reliance of the Ukrainian government on a small vendor for their taxation software. This brief will provide you with a high-level synopsis of the steps you can take as a government agency to manage the risk associated with unilateral reliance on a specific vendor for critical technical infrastructure and systems. A holistic risk management approach is multifaceted and does not limit itself to cybersecurity capabilities alone.

Author

  • Daniel Black