Cyber Defense Magazine - Annual RSA Conference 2019 - Print Edition
Cyber Defense Magazine - Electronic Version - Annual RSA Conference 2019 - Print Edition
Third Party – Minimizing Organizational Exposure by Mitigating the Wild Card in Security Strategies
2019 Shared Assessments Third Party Risk Management Toolkit Helps Organizations Replace FUD with Actionable Insight, Risk Management Best Practices and Invaluable Tools.
by Catherine A. Allen, Chairman and CEO, The Santa Fe Group
The list of major data leaks caused by third parties grows almost daily. Third party vulnerabilities, exposure incidents and hacks have been at the root of many of the last three years’ most troubling breaches.
“Third party IT security risks can cause millions of dollars in loss and damage, and possibly irreparable harm to an organization’s reputation,” said Glen Sgambati, risk management expert with Early Warning Services.
Bad actors are increasingly organized, well-funded, determined and patient. They’ll apply the time and resources to successfully breach their chosen potential victim. They occasionally strike for political reasons, but more often their goal is financial gain.
The IT infrastructures of partners and other trusted third parties are one of a cyber criminal’s preferred pathways into a chosen target’s domain. This burdens organizations with thoroughly assessing and addressing the potential risks and vulnerabilities of all partners, vendors and other third parties, as well as their own in-house vulnerabilities – an overwhelmingly broad intelligence-gathering mission for even the largest company, given the inventiveness and diligence of bad actors.
Diligence obligates the C-Suite to ensure that their organizational risk management strategies and practices anticipate and manage the full spectrum of risks that result from interactions with physical and digital ecosystem partners, while sustaining the agility to adapt to the ever-changing threat landscape. Assessing and addressing the current state of corporate readiness and minimizing the organization’s exposure to unplanned events and their consequences are crucial.
Many of the world’s top financial institutions, energy and critical infrastructure entities, consumer goods corporations, manufacturers and security-minded organizations of all sizes combat the problem together as part of the Shared Assessments member community.
The member-driven consortium leverages the collective intelligence and risk management experience of a diverse cohort of practitioners, spanning industries and perspectives. The ‘intelligence ecosystem’ produces independent research, and drives best practices, tools and certification standards that are used by thousands of organizations.