Everything Has Been Disclosed. The Source Has Been Destroyed, But The Attacks Continue, and Tensions Rise

Many organisations rely on critical suppliers to provide essential goods and services in today’s interconnected world. These suppliers may manage sensitive information and systems necessary to business operations. However, what happens when a critical supplier experiences a cyber attack and their clients’ data becomes encrypted?

The aftermath of such an incident raises questions about trust. Can the supplier be trusted, and how can trust be restored? Is trust restored once the incident is resolved, or does it linger long after restoring the systems? What happens when everything appears to return to “normal,” and how do past learnings impact future discussions when it is time to procure next-generation technology?

The impact of a supplier’s cyber attack on trust can be far-reaching. Clients may question the supplier’s ability to protect their data and systems, leading to a loss of confidence and potential damage to the supplier’s reputation. Additionally, clients may question their cybersecurity posture, wondering if they were adequately protected against such an attack.

Restoring trust after a breach can be a complex and ongoing process. It may involve a detailed assessment of the supplier’s cybersecurity practices, including their incident response plan, security controls, and compliance with regulatory requirements. Clients may also need to review their cybersecurity posture, identify any vulnerabilities that may have contributed to the breach, and take steps to address them.

Once trust has been restored, it is essential to maintain an ongoing dialogue with the supplier about cybersecurity. This may include regular assessments of the supplier’s cybersecurity posture, ongoing training and awareness programs, and frequent communication about potential threats or vulnerabilities.

A cyber attack on a critical supplier can significantly impact trust between the supplier and their clients. Restoring trust is a complex and ongoing process that requires a collaborative effort from both parties. By taking proactive steps to address cybersecurity risks and maintaining open communication, organisations can work together to build and maintain a strong foundation of trust.

The Importance of Trust in Business Relationships with Critical Suppliers

Trust is crucial to any successful business relationship, especially when working with critical suppliers. A lack of trust can lead to a breakdown in communication, missed deadlines, and even financial loss. This is why it is essential for organisations to carefully consider their trust level in their critical suppliers before entering into business relationships with them.

When a critical supplier experiences an encryption incident, it can significantly impact the trust between the supplier and their clients. Clients may question the security and reliability of the supplier’s systems and processes and may even consider switching to a different supplier.

Building a solid foundation of trust between a critical supplier and their clients can help to mitigate the impact of any potential incidents and strengthen the overall business relationship. Therefore, organisations need to consider their trust level in their critical suppliers before an incident occurs. They should conduct due diligence to ensure the supplier has robust security measures to prevent and respond to incidents like encryption.

The Consequences of a Critical Supplier’s Encryption for Client Trust
When a critical supplier experiences a cybersecurity breach, it can have significant consequences for the trust that clients have in them. In particular, if client data is encrypted or otherwise compromised due to the breach, it can erode trust between the supplier and its clients.

The consequences of a breach of client trust can be severe, particularly if clients feel that the supplier was not adequately prepared or responsive to the breach. Clients may be reluctant to continue doing business with the supplier, especially if the breach has caused them financial or reputational harm. Even if the breach is eventually resolved and client data is recovered, the damage to trust may be challenging to repair.

One potential consequence of a breach of client trust is long-term damage to the supplier’s reputation. If news of the breach spreads, it may become more challenging for the supplier to attract new clients or retain existing ones. This could be particularly problematic if the breach was caused by the supplier’s failure to protect client data adequately.

Ultimately, the consequences of a critical supplier’s encryption for client trust can be far-reaching and difficult to predict. The best way for suppliers to mitigate these risks is to take cybersecurity seriously, implement appropriate safeguards and protocols, and be transparent and responsive during a breach.

Restoring Trust After a Critical Supplier’s Breach

When a critical supplier’s encryption leads to a breach of client trust, restoring that trust becomes crucial. It can take time, effort, and resources to rebuild relationships and regain confidence. It is essential to communicate transparently and quickly with affected clients, explain what happened clearly, and outline the steps taken to resolve the issue and prevent future incidents.

Rebuilding trust also involves being proactive about addressing concerns and taking steps to prevent future incidents. This may include investing in additional security measures, implementing regular security audits, and providing ongoing training and education to employees and clients.

In some cases, it may be necessary to engage a third-party auditor to assess the supplier’s security practices and recommend improvements. The supplier should also be willing to participate in a post-incident review and take responsibility for any weaknesses or failures in their security practices.

Ultimately, restoring trust after a critical supplier’s breach requires a commitment to transparency, communication, and action. It may take time and effort, but it is necessary to maintain strong business relationships and protect the security and integrity of critical business operations.

The Role of Communication in Rebuilding Trust After a Breach

Effective communication is crucial in rebuilding client trust after a breach caused by a critical supplier’s encryption. Communication should be transparent and timely and provide clear and accurate information on what happened, what actions are being taken to mitigate the breach, and how the supplier plans to prevent similar incidents. Clients should be informed about the breach’s impact on their operations and be given regular updates on resolving the issue.

In addition to keeping clients informed, the critical supplier needs to take responsibility for the breach and demonstrate their commitment to resolving the issue. They should offer sincere apologies and show a willingness to work with clients to address any concerns they may have. The supplier should also be willing to provide clients with resources and support to help them recover from the breach, such as assistance with data recovery or improved security measures.

A critical supplier can rebuild client trust and strengthen their business relationships by demonstrating a proactive approach to cybersecurity and open communication. Communication should happen during the resolution process and after the incident is resolved. The supplier should continue to provide updates on any new measures they are implementing to prevent future breaches and be available to address clients’ concerns or questions.

Balancing Security and Trust in Critical Supplier Relationships

In business, relationships with critical suppliers can make or break an organisation. These relationships are built on trust, which can quickly be eroded by a security breach. The fallout from a critical supplier’s encryption can be significant, leaving clients questioning the relationship’s level of security and trust.

Balancing security and trust is crucial when working with critical suppliers. It’s essential to have a robust security framework in place to mitigate the risk of a security breach. However, this cannot be at the expense of trust. Finding a balance that allows for strong security measures without eroding trust is essential.

When security breaches occur, it’s easy to become hyper-focused on security and forget the importance of trust. However, it’s critical to keep trust in mind during these times. This includes being transparent with clients about what happened, how the supplier plans to address the issue, and what steps are being taken to prevent it from happening again.

Balancing security and trust in critical supplier relationships requires ongoing communication, collaboration, and a commitment to continuously improving security measures while maintaining high trust.

Lessons Learned from Past Encryption Incidents and Their Impact on Trust

In the aftermath of a critical supplier’s encryption incident, it’s important to examine past encryption incidents and understand their impact on trust. Learning from past incidents can inform future decisions about preventing or mitigating similar incidents. By identifying the root cause of past incidents, businesses can take proactive steps to prevent similar incidents and restore trust in the relationship with the supplier.

Examining past incidents can also help businesses identify areas of weakness in their security measures and make improvements to prevent similar incidents in the future. Additionally, analysing past incidents can inform discussions with critical suppliers about their security measures and encourage them to take proactive steps to improve their security posture.

It’s important to balance security and trust in critical supplier relationships. While robust security measures are necessary to prevent incidents like encryption, overly strict security measures can also damage trust in the relationship. Finding the right balance between security and trust requires ongoing communication and collaboration between the business and the supplier. By working together to establish mutually beneficial security protocols, companies can maintain strong relationships with critical suppliers while protecting themselves from potential incidents like encryption.

Navigating Next-Generation Technology Procurement After an Encryption Incident

After a critical supplier’s encryption incident, it’s essential to consider how it impacts future procurement decisions, particularly for next-generation technologies. Clients must navigate the complex landscape of trust and security while keeping pace with the latest technological advancements. The incident highlights the need for clients to take a more proactive approach to vendor management, specifically evaluating their suppliers’ security measures.

Next-generation technology procurement after an encryption incident necessitates a thorough reassessment of the trustworthiness of critical suppliers. Clients must determine whether their existing vendors are still reliable or if they need to look for new partners with better security measures. Additionally, the incident can serve as a valuable lesson for future procurement decisions, prompting clients to consider the security track record of potential vendors before signing any contracts.

Clients must also be aware of the regulatory requirements that affect their procurement decisions, particularly regarding data privacy and security. Such regulations can help clients set security standards and requirements for their vendors, promoting better security practices across their supply chains.

The Long-Term Effects of Encryption Incidents on Client-Supplier Trust

When a critical supplier experiences an encryption incident, the consequences can be long-lasting. Even after the immediate incident is resolved, the effects of the breach can linger for months or even years. The breach can result in a loss of trust between the supplier and its clients, and it may take significant effort to restore that trust.

Clients may wonder if they can trust their critical supplier with their sensitive data and if the supplier is genuinely committed to their security. Sometimes, clients may even consider switching to a different supplier altogether.

This section explores the long-term effects of encryption incidents on client-supplier trust: the challenges suppliers face in rebuilding trust, how such incidents can impact future business relationships, and the steps suppliers and clients can take to prevent future incidents and keep their business relationship strong.

Maintaining Trust in Critical Supplier Relationships Through Continuous Assessment and Improvement

While encryption incidents can be unexpected and disruptive, they can also serve as a valuable lesson in the importance of supplier trust. Maintaining trust in critical supplier relationships is an ongoing effort that requires continuous assessment and improvement. In the aftermath of an incident, clients and suppliers must work together to identify areas for improvement and take concrete steps to strengthen their relationship.

One way to do this is through ongoing monitoring and assessment of the supplier’s security practices. Clients should work with their suppliers to establish clear guidelines and expectations for security and regularly review and update these guidelines to reflect changing threats and technologies. Additionally, regular communication and transparency between clients and suppliers can help build and maintain trust over the long term.

Finally, it’s essential to recognise that trust is a two-way street. While clients rely on their suppliers to maintain the security and reliability of their systems, suppliers also rely on their clients to provide clear expectations and feedback. By working together to build a strong foundation of trust and communication, clients and suppliers can weather unexpected incidents and emerge more robust and resilient in the face of future challenges.

Nick Roddick

Head of Production

Elpidoforos Arapantonis

Senior IT security manager at Volvo

Elpidoforos Arapantonis, aka Elpis, is Chief Product Security Officer at ecarx in Gothenburg, Sweden. He has an academic background in electronics, with M.Sc. degrees in distributed systems as well as in information security. He has long experience working on projects around Autonomous Driving and Advanced Driver-Assistance Systems in OEMs, from the cybersecurity point of view. His current focus is cybersecurity on infotainment systems as well as vehicles’ off-board systems.

Anders Jared

CISO at Bravida

With decades in the area of security I now lead the IT and information security work within Systembolaget AB. This proactive engagement together with my background of analyzing security breaches in criminal investigations renders me a unique understanding of both threats and prevention possibilities in our digitalized world.

Anthony Herrin

Nordic Head of Cyber Underwriting at RiskPoint Group

Anthony has 15 years of experience in the insurance industry with roles within both broking and underwriting. He has focused on cyber risk and insurance since 2015 and is CISM certified. Whilst predominantly on the broking side at Aon, JLT and Marsh over the last few years, he has recently moved to an underwriting role at Riskpoint and will lead their team of Nordic Underwriters.

Bernard Helou

Head of IT Governance at Lendo Group

Bernard has 15 years' experience in information security. He worked as a cybersecurity consultant to CAC40 companies in Paris for 9 years before taking internal roles as information security manager. From security awareness to data protection strategy or contingency plans, he has a good overview of security best practices.

Moa Mörner

DSO DPO at SJ AB

Moa Mörner is an experienced Data Protection Officer with a demonstrated history of working with questions concerning large-scale processing of special categories of personal data, both for Controllers and Processors. She is skilled in data protection law, advising at both strategic and operational levels, assessments and recommendations, educating, and managing incidents of personal data breaches. Moa is a strong advocate for making data protection and information security work together, when the perspective of the individual (data protection) and the perspective of the organization (information security) allow it.

Today Moa is Group DPO at SJ AB.

Jacqueline Jönsson

CISO at Danish Energy Grid

During my 20+ years in the security sector I have a good feeling about what works in practice and gives results and what doesn’t. The part that engages me most is integration of technical security with legal and financial aspects as well as people’s behavior.

Core skill is CISO work and guiding board members and executives about cybersecurity, operational resilience and business assurance.

Also advice on regulations, directives and practices for the financial services and energy sector.

Jonas Rendahl

CISO at Aurobay

My name is Jonas Rendahl and I work as CISO at Aurobay (Powertrain Engineering Sweden AB). I live south of Gothenburg with my wife and daughter.

I started my interest in computers and security at an early age. I have worked within IT since early 2000 but I have worked within many different industries and areas before that. Within IT I have worked with things like development, support, testing, management, audits, disaster and recovery, architecture, operational security and almost all aspects of security you can think of.

I have a keen interest in security and love the fact that it is such a dynamic and ever-evolving industry. From all of my experiences I have learnt that nothing is static and that all experiences are something to learn from.

I am a rather pragmatic person in the respect that I try to listen to the organization’s needs and weigh them against potential risks and possible and plausible security measures. I am a firm believer in simplicity over complexity and in setting up the foundation for fruitful conversations by first defining the boundaries and basic concepts to ensure everyone understands each other.

Klas Themner

CISO/Deputy CEO at AMRA Medical

Klas Themner has, as AMRA’s Chief Information Security Officer, overall responsibility for the management of the company’s information security. Klas has been at AMRA since 2017, mostly in the role of COO, also keeping the role of deputy CEO. Before joining AMRA Medical he had 20+ years of experience as COO & CFO in a number of different listed medical device companies within advanced medical image processing and across all imaging modalities. Previously to Life Science, Klas spent 10 years with the Swedish defense industry. He has an engineering background and holds a PhD in Nuclear Physics from Lund University.

Lorena Carthy-Wilmot

Senior advisor in Digital Policing (DPA) at Lillestrøm police station

Former Head of the Forensic Technology Services Lab at PwC in Oslo. Now Senior Advisor in the field of Digital Forensics at the Norwegian Police, East District.

Patrick-Kall

Future leader of cybersecurity sector at Einride

I'm a Senior Security Advisor within the IT/Telco domain with more than 25+ years in the industry.

Thea Sogenbits

CISO at Estonian Tax and Customs Board

Thea maintains tax secrecy of everyone in Estonia. As CISO of the Estonian Tax and Customs Board she leads the security vision and information security management programme as well as the certified information security organization within the ETCB.

Her academic research focuses on the value chains and business models of professional organized cross-border transnational cybercrime.

She trains and mentors military, public and private executives on hybrid defense and integration of next level defenses to organizational daily policies, practices and culture.

Thomas Evertsson

Head of IT security at DNB Bank

If you are looking for an efficient, Get the Job Done IT Manager with high ambitions then you've found the right person. I am inspired by a fast pace and successfully driving change, both organizational and technical. I see myself as a realistic optimist who is happy to share ideas and knowledge with others. Experience has taught me to be honest, cohesive and consistent, factors I see as important to success.

Tomi Dahlberg

Senior Advisor Cyber Security at State Treasury of Finland

My executive work, IT management and governance centric career started in 1976. I'm still passionate about these topics as they evolve all the time. Since 1984 I've worked in managerial and since 1988 in executive positions in business, academy and consulting (ABC). Business executive is my main career path.

I have worked in business executive positions in software (e.g. Unic), finance (e.g. Danske Bank), telecom operator (e.g. Elisa), nanotechnology, executive consultancy, and IT services. I have written 70+ publications both academic and practical as a part-time professor in business schools since the year 2000. My research motive is to understand in depth issues that I conduct in business.

Executive work expertise areas: Corporate governance and board work, change management and leadership, strategy work & management, business models, business development, innovation management, finance.

IT executive expertise areas: governance and management of IT, OT, digital business and platform business, CIO/CDO work, IT service management, data management, business and IS development methods.

Benjamin Bachmann

CISO at Ströer SE & Co. KGa

Speaking session - March 16th, 2023

Visibility is crucial: E-criminals will find your internet-facing assets you do not know much about

You can only protect the assets you know of, so it’s important to have high visibility of all your internet-facing assets, even more so in times like these, in which states/hackers/the bad guys try to cause havoc. They do not need to target you specifically, but they will find the assets you do not know about.
Biography: If he had been in Troy then, the city would still be standing today. When it comes to security, most people rely on offerings to the IT gods. Not so Benjamin Bachmann, because he sees cyber security as a holistic issue that must consider and address the triad of people, organization and technology in equal measure. In other words, they form the foundation of a sustainable and livable security culture. An industrial engineer by training, he felt called to promulgate these early on on behalf of various consulting firms. Today, as Vice President Group Information Security at Ströer, he is responsible for the strategic security of the entire Group and develops implementable, usable and human-centered security concepts for the subsidiaries. Privately, he has been battling with his friends for years to see who can bake the best wholemeal sourdough bread, is on a sustainable journey and shows that cyber security is not a dry-as-dust topic.

Tobias Ander

CISO at Örebro kommun

Speaking session - March 16th, 2023

Raising a cybersecurity culture! - Why is it so important?

Tobias will be delivering an insightful talk on how to comprehend the security implications of a futuristic security strategy. This talk will focus on the importance of incorporating the security function into crucial decisions, and will provide an overview of what such a strategy would look like. He will examine the emerging technologies in the field of security, and explore how they will influence the security strategies of tomorrow.
Biography: Tobias Ander has more than 20 years of experience in information security. Today he is CISO at Örebro Kommun, runs his own company Securebyme and recently released the book Informationssäkerhetskultur (Information security culture) in Swedish. Tobias was awarded “This year’s GRC-profile” in 2017 for his commitment to Governance, Risk and Compliance.

Ståle Risem-Johansen

CISO at Spare Bank

Experienced senior manager with 20+ years within the Energy sector as CIO and CISO. Chairman of the Board of Nationwide Security forum in Norway (Energy Sector) for 7 years. Confident with working with the regulator and The Office of the Auditor General. Strong relationship-builder, always aiming to learn more. If security is done the proper way it will become a business enabler. Currently holds the position of CISO in SpareBank 1 SMN – a part of SpareBank 1 alliance.

Raviv Raz

Cyber & AI Innovation at ING

Speaking session - March 16th, 2023

How will AI impact CyberSecurity in near future

  • AI is gradually taking a prominent part in Cybersecurity
  • Recent developments in offensive AI pose, in the near future, a threat to conventional security measures, arming malicious hackers with a powerful technology previously unavailable to the masses
  • Innovative Advancements on both sides of the force
  • Is AI going to help to save the security staffing shortage or lead to a dark future

Biography:
Raviv has pioneered and disrupted several domains in Cybersecurity including:

  • Network Access Control
  • Web Behaviour Analytics
  • Programming Language Processing

As part of his R&D work in ING he co-founded the CodeFix and PurpleAI innovation initiatives: reducing false-positive alerts in application security testing and using AI in offensive security testing.
Specialising in Application Security, Raviv has blogged, lectured, appeared in the news and released open-source tools used by tens of thousands of hackers, including R.U.D.Y, which appeared on the TV show Mr. Robot.