Marketron Broadcasting Solutions, whose products and services support multimedia advertising campaigns across television, radio, and digital media, was struck with a cyberattack over the weekend.
Marketron’s website notes that “Marketron is experiencing a cyber event, which is impacting certain business operations….currently, all Marketron customers may experience an interruption in services as a result.” This is a “significant outage” as the company “serves more than 6,000 media organizations globally and manages $5 billion in annual U.S. advertising revenue, representing more than 1 million advertisers.”
Supply Chain Risk Management
At Shared Assessments, we often discuss the importance of “Nth Party Due Diligence.” The 6,000 Marketron customers, and the customers of these customers, likely have not identified Marketron as being critical path in their business operations.
The importance of supply chain risk management is on full display with Marketron’s cybersecurity incident. Having a TRPM program which addresses Nth party due diligence is vital in today’s increasingly complex supply chain.
Cyberattack Best Practices
Marketron is handling this issue with grace and transparency. CEO Jim Howard says Marketron is communicating with both BlackMatter (the Russian criminal organization who launched the attack) and the FBI.
CEO Howard has communicated that, “All available resources are being applied to restoring systems as quickly as possible. This includes working with third-party security experts and bringing in additional resources. While security and rapid disaster recovery have been top priorities, we obviously have not done enough. We know you count on us to keep your business operational, and we are extremely sorry for this impact.”
The cyberattack on Marketron is causing operational lapses and this points to the need for risk management programs to identify critical security controls within their organization’s supply chains.
TPRM programs and their management of supply chain risk can’t afford to be ‘all bark and no bite.’ Policies, procedures, and questionnaires are a great start, but there must be a point in the process where critical security controls are verified.
It is likely that Marketron suffered from a control failure, either internally, or possibly from one of their third or fourth parties. All companies must have intimate knowledge of their suppliers and those down the supply chain with a potential impact on operations.
To read more about best practices for Supply Chain Risk Management, download the Shared Assessments guide to Gaining Visibility into Nth Party Governance.