
Tips for Implementing a Good Third-Party Risk Program

Panorays' Matan Or-El on Taking a Holistic Approach to Working With Outside Vendors
Matan Or-El, co-founder and CEO, Panorays

Attackers are targeting the weakest link in the supply chain. Because every vendor poses a risk, you need to classify them by risk and track all the data they manage. Third-party risks could range from a law firm with sensitive client data to a flower delivery company. One bank vetted its florists because they know the most important people in the bank and the most valuable customers.


A third-party risk program needs a holistic view of third parties and a way to automate the whole life cycle of a supplier engagement, said Matan Or-El, co-founder and CEO of Panorays. Organizations should classify risk using internal and external data to align it with the organization's risk appetite. For critical vendors, organizations should conduct continuous monitoring.

In this video interview with Information Security Media Group at Infosecurity Europe 2023, Or-El discussed:

  • The importance of classification, onboarding and continuous monitoring in third-party risk management;
  • The benefits of widespread automation to replace manual approaches;
  • Why every security tool needs to adopt AI methodologies.

At Panorays, Or-El uses his entrepreneurial background to address untapped markets in building enterprise-focused security solutions. He combines his technical background with business leadership and vision to help improve the industry's cyber resilience. Or-El established his first startup at age 18.


About the Author

Tony Morbin


Executive News Editor, EU

Morbin is a veteran cybersecurity and tech journalist, editor, publisher and presenter working exclusively in cybersecurity for the past decade – at ISMG, SC Magazine and IT Sec Guru. He previously covered computing, finance, risk, electronic payments, telecoms, broadband and computing, including at the Financial Times. Morbin spent seven years as an editor in the Middle East and worked on ventures covering Hong Kong and Ukraine.



