Companies are giving vendor management a fresh look in the wake of a massive supply chain attack, re-evaluating their security practices and contracts with third-party providers.
Suspected Russian hackers launched a malware campaign that was publicly announced in December, exploiting SolarWinds Corp. software and claiming Fortune 500 companies and government agencies as victims.
The attack has incentivized companies’ legal departments to look at contracts with third-party vendors anew to make sure they’re adhering to industry security standards and that proper indemnification provisions—compensation for harm or loss in a breach—are in place.
“This incident will have us rethinking contracts,” said Brian ...