www.vanguardcanada.com FEBRUARY/MARCH 2019 45
the last WORD
by katherine thompSon
there is a rarely discussed
aspect to the high-profile
data breaches of target
and home depot. in both
cases the installation of
malware was achieved
through small companies
who were working with the
retail giants, and in both of
these cases, the smaller
companies were forced
out of business as a result.
W
hat these incidents high-
light is the growing risk
created by the supply
chain. In March 2017,
the New York State De-
partment of Financial Services - Cyberse-
curity Requirements for Financial Services
Companies (23 NYCRR 500) legislation
was introduced. As part of this legislation,
the industry is now required to include
their supply chain as part of their overall
risk matrix. This means that for suppliers
dealing with a financial services organiza-
tion there is now an increased responsi-
bility to document and demonstrate a
certain level of cybersecurity maturity in
order to conduct business. While some
have complained that this would limit
market access for small to medium-sized
businesses, others have commended the
industry for being the first to acknowl-
edge the increasing connectivity we have
to others, and the risks that this creates.
In the defence sector, the discussion
around risk and supply chain is longstand-
ing. In December 2018, The Aerospace
Industries Association (AIA), an Arling-
ton, Virginia based trade association that
lobbies on behalf of defense contractors,
released a set of voluntary standards de-
signed to help U.S. aerospace companies
ensure the weapons systems they make
for the U.S. military are secure against
cyber attacks. With this announcement,
the AIA acknowledged that U.S. defense
companies now see cybersecurity as part
of their competitive advantage as they
build complex systems for the military.
A Memorandum of Understand (MOU)
was signed between Israeli-based Naval
CybERsECuRity
and the naval industry
