End of year wrap: What the Four Seasons Total Landscaping debacle taught us about privacy and security

It’s been a dumpster fire of a year, and so, for our end-of-year wrap, we looked to the most ridiculously hilarious moment of the year.

Here are five lessons we took from the infamous Four Seasons Total Landscaping debacle:

Is supplier risk management useless?


So here we are again. Another supply chain attack has led to the compromise of highly sensitive computer networks. Is this the point where we draw a line under supplier risk management, put our hands up and say ‘too hard’? Alex Stamos, Adjunct Professor at Stanford University’s Center for International Security and Cooperation and former chief security officer (CSO) at Facebook, seems to think so. In a tweet following the SolarWinds compromise he said,

“Vendor risk management is an invisible, incredibly expensive and mostly useless process as executed by most companies. When decent, it happens too late in procurement.”

Those of you who follow our blogs will know that this is a subject we also have strong views on. It is our view that supply chain risk is something companies cannot solve on their own. We were therefore delighted to see statements in the 2020 Australian Cyber Security Strategy indicating that help is on its way:

“The Australian Government will establish a Cyber Security Best Practice Regulation Task Force to work with businesses and international partners to consider options for better protecting customers by ensuring cyber security is built into digital products, services and supply chains.”

What this Task Force will look like in practice, beyond the conceptual, remains to be seen. Given recent events, however, we at elevenM hope that whatever the action is, it gets delivered sooner rather than later.

News round-up Dec 2020 – Escalation in ransomware tactics, world-first privacy settlement and more

December 1, 2020

Helping your business stay abreast of, and make sense of, the critical stories in digital risk, cyber security and privacy. Email news@elevenM.com.au to subscribe.

The round-up

For what appears to be the first time, a privacy settlement has dictated that an organisation must consider gender-based privacy risks. We look at the implications of the settlement in this round-up. Believe it or not, there’s been yet another escalation in ransomware extortion tactics, and we also look at why the Government’s critical infrastructure security bill is causing tech companies to get hot under the collar.