ThirdPartyTrust Blog

Part one of the DePaul Cyber Risk Panel covered: 

- How to start building a vendor risk management program

- Key vendor risk management metrics 

- How to keep the vendor engaged after the contract has been signed

In Part 2, panelists answer audience questions. Including what constitutes a vendor and varying risk profiles for vendors. 

DePaul University's Arditti Center for Risk Management hosted its 4th annual Cyber-Risk Conference earlier this week with over 100 attendees. Three panels took place that day, one moderated by Anders Norremo, CEO of ThirdPartyTrust, on the topic of The Cloud and Third Party Vendor Managament. Panelists included Kyle Brunell, IT Risk manager at Ernst & Young; Shane Hibbard, Director of Information Security at Invenergy; Richard Latayan, Cybersecurity and Network Infrastructure Manager at Hollister.

The external risk environment is changing quickly as massive and costly cyber attacks -- Home Depot, Boston Medical Center and the Department of Veterans Affairs, among others -- have struck in the past couple years, continuing to challenge organizations to re-think approaches to vendor risk management.

The Ponemon Institute recently rolled out there second annual study of Data Risk in the Third-Party Ecosystem. The study aims to understand trends in the challenges companies face in protecting sensitive and confidential information shared with third parties and 4th party vendors. 

On September 6th, 2017, Anders Norremo, CEO of ThirdPartyTrust, moderated a panel of manufacturing experts on the topic of CyberSecurity & Manufacturing in the Digital Era at the OnRamp Conference in Milwaukee, WI.

Panelists included Chris Merkel, CISO of Brunswick Corp; David McPhee, the Regional Information Security Manager at Caterpillar; Michael Goetzman, CISO at Master Lock; and Steve Brukbacher, the Application Security Manager at Johnson Controls. 

The Ponemon Institute conducted a study back in April of 2016 surveying companies to understand the challenges they face in protecting sensitive and confidential information shared with third parties resulting in Data Risk in the Third-Party Ecosystem study.

Commercial transactions and informational exchanges no longer represent linear processes between two parties; rather, the shared data travels past the involved entities and into each organizations expansive network of third and fourth party vendors. Through infiltrating these organizations, hackers are most often able to access the data of larger connected companies. According to a Soha Survey, 63% of all data breaches stem from vendor related attacks. IT experts predict that number of vendor related attacks will rise, as companies increasingly resort to outsourcing for innovation and expanded services.

      At the Morningstar Security Summit on June 26th, 2017, Morningstar's CIO and team gathered industry experts to discuss best practices in cyber security and risk assessment. Sessions throughout the day included: State of the Security Industry, Understanding Emerging Threats and Regulatory Trends, Amazon Web Services Security, Protecting What Matters and a panel discussion on "Should You Trust Your Third Party Vendors?."

         On June 11th, Currency hosted the Changing Landscape of Cybersecurity Regulation event, in order for a set of experts to discuss the nature and implications surrounding New York’s recent financial regulations along with its possible push to national regulation.