The 2017 M.E. Docs cyber-attack that crippled hundreds of companies crafted the blueprints for hijacking a vendor to attack clients through their trusted vendors. These attacks herald a new generation of supply-chain based attacks that pit vendor and client against each other as they struggle to navigate co-managed risk mitigation and the resulting consumer, regulatory and legal backlash. In 2018, eSentire detected and mitigated an exploit that targeted a key remote administration tool, relied upon by a multitude of managed security service firms. The exploit was used to deliver a dangerous payload to their client base. In this talk, Mark Sangster will provide frameworks for assessing your vendors’ cyber resilience and discuss building a trusted supply-chain through co-managed cybersecurity programs, open communication and event notification, and proactive contractual obligations.