Moving Beyond Compliance for Third-Party Security
CyberGRX CEO on Why Supply Chain Has Evolved Into a Risk Management Function
Over the past decade and more, people have focused on securing their own environments, and rightly so. But a majority of data breaches now involve compromise in a third-party service provider's systems.
Attacks such as Kaseya and SolarWinds have highlighted supply chain risks. They've also put the spotlight on how securing the supply chain can no longer just be considered a compliance function. It has evolved into a risk management function - simply because compliance does not equal security, said Fred Kneip, chief executive officer at CyberGRX.
"Compliance is not a means to actually secure your environment," Kneip said. "As people start to realize from a risk perspective, compliance is just a step along the way. And as they're now focusing more on their third party, they're coming with a lens of how can I manage risk down, and not just meet some compliance standard and move along?"
In this video interview with Information Security Media Group at RSA Conference 2023, Kneip discussed:
- Security changes and challenges related to third-party service providers;
- The advantages of AI and ML in third-party security;
- The need to build structured and consistent data using predictive models.
At CyberGRX, Kneip led the creation of the world's first global third-party cyber risk management exchange. Prior to joining CyberGRX, he was the chief security officer at Bridgewater Associates, responsible for leading the security and compliance departments.