Supply Chain Cyber Attack

10 Ways to Protect Your Organization Now

In December 2020, the Cybersecurity and Infrastructure Security Agency (CISA) of the U.S. federal government issued an emergency directive to disconnect or power down SolarWinds Orion products after it was discovered that malicious actors were exploiting the software. The implications of this announcement were immense, as SolarWinds is a security vendor that helps monitor the IT networks of every branch of the U.S. military, four-fifths of the Fortune 500, and numerous other organizations. The full impact of this compromise is still being investigated, and CISA expects that cleansing the compromised environments will be highly complex and challenging for organizations.

Presenter:
Stephen Head, CISSP, CISM, CISA, CDPSE
Regional Practice Director - Risk & Compliance
Jefferson Wells

Organizations depend on third-party commercial software not only for securing their networks, but also for managing and storing customer data, financial accounting and reporting, and fulfillment of core business processes. Managing the cyber aspects of these software supply chains is an area of critical concern. Join us as we discuss the impact of the SolarWinds compromise within the larger context of software supply chain vulnerabilities.

This webinar will examine the following key areas:

  • Background information on how the attack was conducted
  • Control weaknesses allowing the attack to be so successful
  • How this risk goes beyond SolarWinds to include thousands of software products
  • Warning signs an organization may be at significant risk of compromise
  • 10 steps an organization should take right now

Regardless of your industry, this session will provide practical advice on how to protect your systems and data from these types of attacks, and alert you to actions your organization can take now to avoid becoming the next victim.

About the presenter:

Stephen Head

Stephen has broad-based experience in cyber risk, regulatory compliance, IT governance and aligning controls with multiple standards and frameworks. He is the author of the internationally recognized Internal Auditing Manual and Practical IT Auditing, both published by Thomson Reuters, and has served as International Chair of ISACA's Standards Board. Stephen is a CPA, CISSP, CISM, CDPSE, CMA, CFE, CISA, CGEIT, CRISC, CBCP, MCSE, CHP, CHSS, CITP, CGMA, CPCU, and holds an MBA from Wake Forest University.