There is no denying that the attack methods for stealing your organization's data continue to expand through third party vendors, which are the most invisible risk in your partner and supplier ecosystem.
Regulators in many industries, including financial services and healthcare, are tightening their grip on data breach activities through legislation, fines, and Congressional pressure. With shadow IT on the rise in business units that avoid IT and security review, a CISO bears the burden of protecting sensitive internal assets without impacting revenue. There are, however, new methods and tools for gaining intelligent visibility and continuously monitoring third party security risk.
The evidence of breaches from business partners is mounting. Remember Target, Home Depot, Staples, and many other brand name security embarrassments. At the same time, the pressure is building from financial and healthcare regulators who are keeping tabs on data breaches, such as the highly-publicized events at Anthem and JPMorgan.
Gaining visibility into the security posture of third party vendors, suppliers, and partners in today's digitally-driven business environment is complex. With cloud service adoption and shadow IT occurring without security reviews in business units, a CISO must balance protection against becoming a roadblock to revenue or process improvement.
A CISO must also fill in the security gaps missing from questionnaires, SOC reports, onsite visits, and penetration tests. The partner ecosystem is a thriving, dynamic threat environment. Third party systems and the users of these systems are actively targeted. The digital connections to your systems require much deeper visibility than the limitations found in single-point-in-time methods currently in use.
After this webinar, you will learn how to:
Avoid the common pitfalls of partner onboarding;
Quickly and accurately assess third party security risk using emerging tools;
Overcome the limitations of SOC reports, questionnaires, and having a check box mentality;
Defuse the pressure of a partnership or imminent contract that could cloud your security instincts;
Work more effectively with partners to close the loop on their security risks that will become your problem.
The key to achieving security diligence on a potential new partner, vendor, or supplier is to first recognize it is more of an art than a science. However, you can make it more of a science with emerging tools that put third party security postures in context, and allow you to communicate directly with partners before, during, or after a partnership agreement is implemented. Your role is to make the partnership as secure as possible for your organization while accurately presenting, documenting, and ultimately, mitigating the risks.
SecurityScorecard gives organizations instant visibility into the security-risk posture of any company. Our benchmarking platform allows an organization to be continuously aware of all potential threats across an unlimited number of current and prospective partners - speeding the time to remediation, protecting revenue, and ensuring brand integrity. By monitoring millions of security-risk signals through SecurityScorecard sensors, companies can non-intrusively gauge how prepared their partners are to deal with security-risk challenges. Active and emerging threats can be addressed collaboratively to effectively remediate issues and lower collective security risks. For more information, please visit www.securityscorecard.com.
Dr. Yampolskiy is a recognized expert in the security field. He is the CEO and Founder of SecurityScorecard, the leading security risk benchmarking service. Before founding SecurityScorecard, he was the CTO of BlogTalkRadio/Cinchcast and the Head of Security and Compliance at Gilt Groupe, and he has held lead technologist and security roles at Goldman Sachs, Oracle, and Microsoft. Yampolskiy is a published author and active speaker in the security and software development communities. His experience in security was the impetus for the founding and driving vision of SecurityScorecard.