The NotPetya Ransomware Attack: A Lesson in Vendor Risk
The recent NotPetya ransomware attack has garnered international attention as another large-scale ransomware attack with a global impact. While this was far from the typical malware, much focus of the response to NotPetya has been in terms of the cybersecurity lessons learned and much less attention has been placed on the angle of vendor risk and extreme reliance of the Ukrainian government on a small vendor for their taxation software. This brief will provide you with a high-level synopsis of the steps you can take as a government agency to manage the risk associated with unilateral reliance on a specific vendor for critical technical infrastructure and systems. A holistic risk management approach is multifaceted and does not limit itself to cybersecurity capabilities alone.