This week, Brian, Erik, and Dan look into the security impacts of last week’s Silicon Valley Bank closure, both as a direct security risk and in terms of what the events leading up to the incident can teach us about risk that we can apply to our information security responsibilities.

Brian kicks it off with a great description of how Silicon Valley Bank got here (based on what we knew on 12 March 2023 – subject to change as more becomes known). From that, we go through some of the direct and indirect lessons and implications, such as:

  • Fraud attempts amongst a bevy of legitimate bank account payment change requests from companies. Check with a known source before changing where you pay.
  • Putting all your eggs into one (infosec or financial) basket can be risky. And risk can bring great rewards, or great resentment
  • Evaluating vendors for where they bank as part of third-party risk management (or not)
  • Clear insight into the tough choices that have to be made to keep small businesses and startups running – sometimes that’s not “doing every thing of security”
  • Business continuity planning requires a more realistic “yeah that could happen” when doing the review
  • Remember that there is no such thing as no risk, just determining the right balance of (realistic) risk and downtime for your organisation
  • If one vendor goes away suddenly, what happens? What about if 6 go away all at once?
  • Diversity of suppliers vs. focusing on basics in the security stack

Along with some strong recommendations (or maybe they are warnings) for our security vendor listeners on how not to use this incident as a sales tool (tl;dr: DON’T!), there are a few correlations to the automotive industry. And check out the book club recommendations in the show notes on our website, too.

Since we recorded, another bank, Signature Bank, has also been closed and placed into receivership. On behalf of all of us at Great Security Debate, we send good wishes to all those affected, either as companies of these banks or their customers, and hope for good news ahead on the recovery of funds.

Thanks for listening!
