Russia’s invasion of Ukraine has elicited a unified response by NATO and its allies, with member nations imposing sanctions on Russia as punishment. Considering that some of the most severe third-party cyber-attacks – such as SolarWinds, Colonial Pipeline and JBS Foods – have been traced to Russia, the U.S. Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) have warned businesses and governments to be vigilant against potential ransomware attacks originating from Russia in retaliation for imposing these sanctions.
Below are example questions that you can use to assess the risk facing your third parties (e.g., vendors, partners, suppliers, etc.) related to the conflict. Prevalent has compiled these questions into a multiple-choice Ukraine Conflict Geo-Political Third-Party Impact Assessment, which you can use to determine the business continuity implications of having suppliers in the Ukraine region. If you have suppliers potentially impacted by this event, this assessment is a good starting point to determine your exposure. It is also available to our customers as part of the Prevalent platform's questionnaire library.
Prevalent has curated an 8-question assessment that can be leveraged to rapidly identify any potential impacts to your business by determining which of your third parties are affected by the conflict, and what their mitigation plans are.
| Questions | Potential Responses |
|---|---|
| 1) Is the organization located in the region of Ukraine and surrounding areas? Help text: This assessment relates to the ongoing crisis in the Ukraine region, and how organizations have risk-assessed and taken action to protect themselves and their interests, including employees and other stakeholders, services and systems. "Surrounding areas" refers to countries bordering Ukraine. | Please select ONE of the following: a) The organization is located in the region or b) The organization is NOT located in the region or |
| 2) Does the organization use vendors that are located in the region of Ukraine and surrounding areas? | Please select ONE of the following: a) Yes, the organization does use vendors that are b) No, the organization does use vendors, who are |
| 3) Following emerging events, has the organization conducted a risk assessment to determine the level of impact caused to its employees, stakeholders, services and systems? | Please select ONE of the following: a) Yes, a risk assessment has been conducted to b) No, a risk assessment has not been conducted |
| 4) If "Yes" to question #3: What is the level of impact caused to the organization and its employees, stakeholders, systems and services? Help text: Consideration should be given to where the impact has occurred, alongside the level of impact. | Please select ONE of the following: a) Significant impact to the organization and its employees, stakeholders, systems and services. (Significant impact is defined as: The events have caused safety risks to our employees. Systems or services have stopped working due to security issues. Loss of confidentiality or integrity of data.) b) High level of impact to the organization and its employees, stakeholders, systems and services. (High impact is defined as: There is a high degree of safety risk to employees. Some systems or services have periodically stopped. There is some loss of confidentiality or integrity of data.) c) Low level of impact to the organization and its employees, stakeholders, systems and services. (Low impact is defined as: No impact to employees or stakeholders, minimal or no disruption to service availability. No loss of confidentiality or integrity of data.) d) No impact to the organization and its employees, stakeholders, systems and services. |
| 5) Does the organization have a documented continuity or recovery plan in place? | Please select ONE of the following: a) Yes, a documented continuity or recovery plan is in place. b) No, a documented continuity or recovery plan is not in place. |
| 6) If "Yes" to question #5: Has the organization been required to activate its continuity or recovery plans? | Please select ONE of the following: a) The organization has activated its continuity and/or recovery plan. b) The organization has NOT been required to activate its continuity and/or recovery plan. |
| 7) If "Yes" to question #5: Has the organization updated its continuity or recovery plans to identify and address geopolitical risks and events, and has a Business Impact Assessment been | Please select ALL that apply: a) Business impact assessments have been b) Based on geopolitical risks and events, the c) Recovery Time Objectives (RTO) and Recovery |
| 8) Who is designated as the point of contact who can answer additional queries? | Please state the key contact for managing information on event or continuity management. Name: Title: Email: Phone: |
Many organizations struggle to get timely information about security incidents impacting their supply chains. Delays between a vendor incident and your own risk identification, analysis and mitigation will leave your organization exposed to operational disruptions. Prevalent can help.
The Prevalent Third-Party Incident Response Service enables you to rapidly identify and mitigate the impact of supply chain incidents by centrally managing vendors, conducting proactive event assessments, scoring identified risks, and accessing remediation guidance. Don’t get caught flat-footed by a third-party cyber-attack you know is coming. Contact us today to learn more or schedule a demo.