Local Challenges, Global Solutions - Building Cyber Resilience Together in a Post COVID-19 World

OECD event hosted by Israel National Cyber Directorate

Managed Service Providers: a target of choice for supply chain attacks?

Jun 8, 2021 | 1:00 PM - 2:15 PM


Recent cyber-attacks such as SolarWinds have shown how malicious actors increasingly leverage vulnerabilities in supply chains to reach their ultimate targets. Such supply-chain attacks may involve managed service providers (MSPs), i.e. specialist firms that provide services such as network management or digital security. As they typically have privileged access to their customers’ information systems, MSPs can be used as a powerful attack vector. Given that MSPs often have a multitude of customers, including across borders, a security breach in an MSP can have significant consequences for a large number of businesses and public sector organisations globally. This session will discuss the role of MSPs in supply-chain attacks and avenues for policy makers to better address this risk in the future, including through co-operation with other stakeholders and at the international level. Possible topics for discussion will include: • How can governments further incentivise MSPs to strengthen their digital security risk management practices? • What best practices can organisations implement to better manage the risk associated with their MSPs? • How can governments leverage international and multi-stakeholder co-operation to better manage the risk associated with MSPs?



Event sponsored by TÜV SÜD