PrivSec Global’s second day got underway this morning with an exploration of third party risk management.

Screenshot (14)

In an exclusive panel debate, “Third Party Risk Management: Cybersecurity Expertise into Board Governance and a Company’s Digital Defense”, subject-matter experts delved into the role this crucial issue plays against the rising cyber security threat. 

Among key questions, the panel considered whether cybersecurity at board-level is a fundamental force in strengthening corporate digital defences. Describing the current third party risk management landscape, Anu Kukar, Data & Technology Risk – Thought Leader, said:

“The current risk that we have is that every organization is using a third party in one shape or form. Regulators worldwide have come out and said an organization is responsible for the risk management of third parties.” 

Omer Carmi from Cybersixgill, said:

“I’m seeing too much of everything… when you are trying to take the concept of too much data into third party risk, you start to realize that you have a problem and you realize you have to do it in an automated, fast way.”

Offering insight into future sector security challenges, Anu Kukar said:

“Do we know what the cyber posture and the cyber risk is from an amount perspective. Can we quantify it for third parties?” C suites and boards will have to figure out a way to quantify risk.

“The risk that I’m seeing, when you have got so many multi-cloud providers and different types of clouds, what are your security arrangements? Are you creating another problem?” Anu added.

 Addressing the issue of managing disparate cloud technologies, Israel Rivera, Senior Manager, MBL Technologies, underlined the importance of looking at the question from a governance perspective, and highlighted how organizations must be given guidance with regards to understanding their own risk appetite.

“Trust is focused on risk, and what your risk appetite will be,” Israel said.

 Omer Carmi, VP of Intelligence, Cybersixgill, said:

“I’m a fan of looking at what the threat actor is doing and use their tools”