3rd Party Risk Management , Cloud Security , Next-Generation Technologies & Secure Development
Managing Third-Party Risks in a New Era
Report From RiskRecon and the Cyentia Institute Offers InsightsHow far does an organization's risk surface extend, and who are the custodians of all that data? A new research report aims to answer those questions and offer insights on third-party risk management.
In a joint interview, Kelly White, CEO and Founder of RiskRecon, and Wade Baker, co-founder of the Cyentia Institute, offer insights on the findings in "Internet Risk Surface Report - Exposure in a Hyper-Connected World."
The research demonstrates that many organizations have a much larger and more complex risk surface these days, and they're putting a high degree of trust in third parties to protect high-value assets.
"Organizations need to do some self-reflection and ask, 'Do we really understand our whole cybersecurity risk surface? Do we have a good methodology for discovering and cataloging our third-party systems and dependencies? And it's from there that you can begin to manage," White says.
Baker adds: "The absolute worst is just to assume that everything is all right. To assume that you have your arms around your perimeter and therefore all of your critical assets are protected is absolutely 100 percent false. There's far more of you hanging out there on the internet than you probably realize."
In this interview (see audio link below photo), White and Baker discuss:
- The motivation behind the research and the methodology;
- The definition of "risk surface" and key findings of the report;
- Recommendations for organizations to better manage third-party risk exposure.
White is the CEO and founder of RiskRecon, where he focuses on third-party cyber risk management. He formerly held various enterprise security roles, including CISO and director of information security for financial services companies.
Baker is a co-founder of the Cyentia Institute, which focuses on improving cybersecurity through data-driven research. Previously, he was vice president of strategy at ThreatConnect and CTO of security solutions at Verizon.