Trial lock

This content is not available with your current subscription.

Your current Info-Tech Research Group subscription does not include access to this content. Contact your account representative to learn more about gaining access to State.

Contact Your Representative or Call: 1-888-670-8889 (US) or 1-844-618-3192 (CAN)

Date published:


The recent NotPetya ransomware attack has garnered international attention as another large-scale ransomware attack with a global impact. While this was far from the typical malware, much focus of the response to NotPetya has been in terms of the cybersecurity lessons learned and much less attention has been placed on the angle of vendor risk and extreme reliance of the Ukrainian government on a small vendor for their taxation software. This brief will provide you with a high-level synopsis of the steps you can take as a government agency to manage the risk associated with unilateral reliance on a specific vendor for critical technical infrastructure and systems. A holistic risk management approach is multifaceted and does not limit itself to cybersecurity capabilities alone.
  • Daniel Black