CIO Cyber & Risk Network February 2021
On the Cyber and Risk Network February call, the CIOs and guests spoke about:
1. Their various experiences around the SolarWinds breach, the Accellion breach, and any flow-on considerations for third-party suppliers (supply chain risk).
2. Open source - despite being reviewed by 'many' eyes, the industry continues to surface vulnerabilities that have been in the code for years. Number of eyes does not equal quality.
3. Privileged Access Management, and a broad discussion around how to use existing tools to deliver on desired outcomes.
4. Password expiry policies and various practices.
5. Working with a cyber insurer, and the insurer’s requirement for the policy holder to nominate a preferred third party for incident response. The call discussed experiences and market perspectives on various incident response vendors, including: CrowdStrike, Mandiant (FireEye), Accenture, and Klein & Co. (now part of CyberCX).