Shutterstock.
In the recent SolarWinds hack, the routine task of downloading a software update turned into a cybersecurity nightmare for over 18,000 organizations including the Treasury Department, AT&T and up to 85% of Fortune 500 companies. See Jason Murdock, Who Has Been Affected by the Huge SolarWinds Cyberattack So Far?, Newsweek, Dec. 18, 2020. State sponsored hackers broke into SolarWinds and installed malware in its Orion software update, which gave the hackers back door access to the networks of thousands of customers who installed the update. One constructive outcome of that incident is that it has prompted many businesses to reexamine their vendor risk assessment practices.
New York has a statute that requires that organizations select third-party service providers “capable of maintaining appropriate cybersecurity safeguards.” N.Y. Gen. Bus. Law §899 bb, Sec. 2(b)(A)(5). The New York Stop Hacks and Improve Electronic Data Security” (SHIELD) Act (N.Y. Gen Bus. Law §899 aa and bb), which became fully effective in 2020, requires that organizations also document those safeguards in written contracts with those service providers.
This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.
To view this content, please continue to their sites.
Not a Lexis Subscriber?
Subscribe Now
Not a Bloomberg Law Subscriber?
Subscribe Now
LexisNexis® and Bloomberg Law are third party online distributors of the broad collection of current and archived versions of ALM's legal news publications. LexisNexis® and Bloomberg Law customers are able to access and use ALM's content, including content from the National Law Journal, The American Lawyer, Legaltech News, The New York Law Journal, and Corporate Counsel, as well as other sources of legal information.
For questions call 1-877-256-2472 or contact us at [email protected]
