A well thought out security policy
The impact and complexity of digital threats is increasing. The Kaseya supply chain attack is a good example of how sophisticated attacks nowadays are. It underlines the importance of a integrated and well thought out security policy, where we collaborate, share knowledge and are critical about both the internal and external organization. Read more about our approach and how we could work together on this.
An important part of a security policy, in addition to using best practices and standards, is not to blindly trust your suppliers, even if they are reputable. It is important to ask questions, request documents and assess the risks with all of the suppliers, large and small.
A good example are the recent PrintNightmare vulnerabilities we informed you about. Over the weekend, immediately after the announcement, we performed a technical analysis on the vulnerability in order to gain insight into the risk, the impact for our customers and the attack vectors. Based on the technical analysis, we determined the next steps. This structured approach is a permanent part of our way of working and culture: always perform an analysis first, involve all relevant stakeholders and only then determine the next steps. This way, we can make sure we have a well-considered approach to the vulnerabilities and possible risks, whereby the confidentiality of your data is key.
Of course, this is not only up to us, but it is a joint effort. We can learn from each other, join forces and discuss how we can work together on this. Security, privacy and compliance is a broader issue, which we are already discussing with various business partners and would also like to discuss with you. We do not have a monopoly on wisdom and would also like to hear your insights in order to develop an integrated security policy.