3rd Party Risk Management , Governance & Risk Management , Video

Moving Beyond Compliance for Third-Party Security

CyberGRX CEO on Why Supply Chain Has Evolved Into a Risk Management Function Mathew J. Schwartz (euroinfosec) • May 10, 2023    
Fred Kneip, CEO, CyberGRX

Over the past decade and more, people have focused on securing their own environments, and rightly so. But a majority of data breaches now involve compromise in a third-party service provider's systems.

See Also: 10 Belt-Tightening Tips for CISOs to Weather the Downturn

Attacks such as Kaseya and SolarWinds have highlighted supply chain risks. They've also put the spotlight on how securing the supply chain can no longer just be considered a compliance function. It has evolved into a risk management function - simply because compliance does not equal security, said Fred Kneip, chief executive officer at CyberGRX.

"Compliance is not a means to actually secure your environment," Kneip said. "As people start to realize from a risk perspective, compliance is just a step along the way. And as they're now focusing more on their third party, they're coming with a lens of how can I manage risk down, and not just meet some compliance standard and move along?"

In this video interview with Information Security Media Group at RSA Conference 2023, Kneip discussed:

  • Security changes and challenges relate to third-party service providers;
  • The advantages of AI and ML in third-party security;
  • The need to build structured and consistent data using predictive models.

At CyberGRX, Kneip led the creation of the world's first global third-party cyber risk management exchange. Prior to joining CyberGRX, he was the chief security officer at Bridgewater Associates, responsible for leading the security and compliance departments.

Previous
Ex-Uber CSO Joe Sullivan Avoids Federal Prison
Next
APIs Are a Massive Problem - We Just Don’t Know How Massive

About the Author

Mathew J. Schwartz

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe, ISMG

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.



Around the Network

Good Governance: 'It's All Hygiene'
Good Governance: 'It's All Hygiene'
How Biden's AI Executive Order Will Affect Healthcare
How Biden's AI Executive Order Will Affect Healthcare
How AI Can Help Speed Up Physician Credentialing Chores
How AI Can Help Speed Up Physician Credentialing Chores
AI in Healthcare: The Growing Promise - and Potential Risks
AI in Healthcare: The Growing Promise - and Potential Risks
Stopping Cloud Workload Attacks
Stopping Cloud Workload Attacks
How State Governments Can Regulate AI and Protect Privacy
How State Governments Can Regulate AI and Protect Privacy
Mapping Access - and Attack - Paths in Active Directory
Mapping Access - and Attack - Paths in Active Directory
Getting a Tighter Grip on Vendor Security Risk in Healthcare
Getting a Tighter Grip on Vendor Security Risk in Healthcare
Mapping the Unseen Vulnerabilities of Zombie APIs
Mapping the Unseen Vulnerabilities of Zombie APIs
Why Hospitals Should Beware of Malicious AI Use
Why Hospitals Should Beware of Malicious AI Use

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing devicesecurity.io, you agree to our use of cookies.