Navigating Cyber Attacks: What To Do When A Vendor Gets Attacked

Thousands of businesses face significant disruptions when their vendors experience cyberattacks.

Recent cyberattacks on industry software providers have highlighted businesses' vulnerability when their vendors are compromised. These attacks can lead to the shutdown of critical systems, forcing companies to revert to manual processes and causing widespread discomfort and operational challenges.

"Everything is messed up — we have to do everything manually," said a business manager. "There's discomfort for everybody, us, management, and customers."

Here's what you need to know about the impact of such cyberattacks and what you can do if your business is affected.

What Happens When a Vendor's Systems Are Compromised?

Vendors experiencing cyberattacks, more often than not, shut down their systems as a precaution to investigate the incident. This shutdown can temporarily lose access to essential services and systems that businesses rely on. Multiple incidents or prolonged recovery times can exacerbate the disruption.

How Long Will the Effects Last?

The impact duration can vary, but cybersecurity professionals indicate it could take weeks for a vendor to restore all systems fully. Most organizations lack high-quality, tested disaster recovery and business continuity plans to manage such large-scale attacks effectively. The ripple effect of such disruptions can be significant, especially for businesses heavily reliant on the affected vendor.

Can Business Continue During the Disruption?

The ability to continue operations during a vendor's disruption depends on the nature of the business and the extent of the dependency on the vendor's services. Some operations may be completed manually or through alternative methods, but critical processes like transaction finalization, compliance, and data access may be delayed until the vendor resolves the issues.

How Will This Get Fixed?

The first step in resolving such incidents involves identifying the points of compromise and exposure within the systems. Due to the complex nature of their networks, large companies often face challenges in accurately reporting the extent of cyberattacks initially.

Meanwhile, businesses are encouraged to develop contingency plans to continue operations without relying solely on digital systems. This approach underscores the importance of resilience measures and preparedness.

Steps for Affected Businesses

If a vendor's cyberattack impacts your business, here are immediate and long-term actions you can take:

Be Proactive

• Conduct regular 3rd party risk and business impact assessments

• Implement an Incident Response Plan that focuses on business recovery

• Include runbooks for contingency and conducting manual operations with your response plan

Immediate Actions

1. Assess the Impact: Determine which systems and operations are affected by the vendor's disruption.

2. Communicate Internally: Inform your staff about the situation and outline immediate steps and precautions.

3. Contact the Vendor: Get details about the scope of the attack, estimated downtime, and recovery steps from your vendor.

Short-term Measures

1. Engage IT and Cybersecurity Experts: Consult professionals to assess vulnerabilities and ensure your systems are secure.

2. Notify Customers and Stakeholders: Keep your customers and stakeholders informed about the disruption and provide regular updates.

3. Implement Contingency Plans: Use backup systems or manual processes to maintain critical operations where possible.

Legal and Compliance

1. Review Contracts: Examine your agreements with the vendor for service disruptions, cybersecurity incidents, and liability clauses.

2. Consult Legal Counsel: Get legal advice to understand your rights and obligations, including potential reporting requirements.

3. Document Everything: Maintain detailed records of the incident, communications with the vendor, and any steps taken in response.

Long-term Strategies

1. Cyber Insurance: If you have cyber insurance, report the incident to your insurer and understand your coverage.

2. Strengthen Cybersecurity: Enhance your cybersecurity measures, including staff training and updated software, to prevent future attacks.

3. Evaluate Vendor Reliability: Assess the vendor's response and reliability. Consider renegotiating terms or changing vendors to protect your interests better.

Conclusion

Vendor-related cyberattacks highlight the critical need for robust cybersecurity measures, incident response, and business resiliency plans in today's digital landscape. By taking proactive steps and learning from these incidents, businesses can better prepare for future disruptions and ensure business continuity.

For more information on Business Continuity and Incident Response Planning, visit Attronica.ai.