Ultimate Access Podcast

Cyber Security - Vendors

May 16, 2020 Anju De Alwis Season 3 Episode 1
Ultimate Access Podcast
Cyber Security - Vendors
Chapters
Ultimate Access Podcast
Cyber Security - Vendors
May 16, 2020 Season 3 Episode 1
Anju De Alwis

In this episode I discuss Cyber Security related to Vendors. As a finance professional it is important topic to consider and be an active business partners.

 Some of the links that you might find useful are;
Vetting third party IT security partners
Uber warns cyber attacks could cripple its business


We deliver  online courses related to finance, accounting, business, strategy and technology please visit our website www.ultimateaccess.net discover courses we have on offer.

If you would like to contact me directly email [email protected] 


Show Notes Transcript

In this episode I discuss Cyber Security related to Vendors. As a finance professional it is important topic to consider and be an active business partners.

 Some of the links that you might find useful are;
Vetting third party IT security partners
Uber warns cyber attacks could cripple its business


We deliver  online courses related to finance, accounting, business, strategy and technology please visit our website www.ultimateaccess.net discover courses we have on offer.

If you would like to contact me directly email [email protected] 



Good day everyone. My name is Anju De Alwis. This podcast is brought to you by ultimate access. The full details of our business management courses can be found in                www.ultimate access .net


In today's session, I like to discuss cyber security and the threats that are there. 

Now, let us first look at what are we trying to protect the company will have different types of information, and this information can be customers information, the organization's information. And if you look at a customer's information can be personal information and it can further go down into personal identifiable information. 

That is something really important and something that Need to protect. And there are rules and regulations related to protecting this information such as GDPR  the business information of a company that needs to be protected as well. And, of course, the classified information that a company has. 

I think it is really important for us to first understand how we capture this information, if it's personal identifiable information, how do we capture it? Where is it stowed, who has access to it? What are the consequences? if there are any breaches. 

These are some of the questions that need to be answered, because then we will understand how important certain information is and we will treat them as assets. Unfortunately, this information does not come into the financial statements and they are not  treated as assets. In that sense.

 However, we all know what can happen to a business, if there are any breaches. Let us look at some examples where there were breaches of this nature. 

One is Uber, as Bloomberg stated, Uber discovered the data breach in late 2016. Uber informed the hackers have stolen the personal information of about 57 million customers and drivers. Now this is significant, isn't it? 

Then let's look at another issue. a data breach occurred at Target where hackers tapped into a third party HVAC company to steal credentials to gain access to targets network, the hackers gain access to target through a third party. And in fact in this case, it was one of the suppliers to target. 

Another interesting example is with a car manufacturing company, and looking at some of the components that go into the car; the importance of we understanding the cybersecurity related to it.Two  security researchers were able to take over a Jeep Cherokee while it was being driven. This was a research activity, researchers exploited a vulnerability in the cars radio and infotainment system. Fiat Chrysler does not manufacture their own entertainment system and they get it from another party. 

Therefore, you need to be very cautious about your supply chain, you need to audit your supply chain. You need to find out more details about your supplier, how they manufacture, and more details about their cybersecurity as well. It is important for you to understand the cyber security space in your organization and the strategy that you're going to follow. But it is also important that you get a view and understanding of your supplier's cybersecurity strategy, the plans and what has been executed so far.