The $64,000 question
Do you trust a 3rd party implicitly, or do you put in place some kind of security buffer between you and them?
'"It can take a simple third-party logistic organization to shut down your entire organization..."'
Over the years I've seen far too many unmonitored permanently open VPNs to 3rd parties "because they need access". Every single channel to the outside world must be actively security checked - that's a basic part of resilience, so stating that "cyber resiliency plays a key role in recovering from an attack" is missing the point (indeed the meaning) of resilience. Stopping as many as possible of the attacks getting through in the first place is its most important element.
Biting the hand that feeds IT
