Tabletop exercises may uncover some supply chain and third-party risks. But few organisations doing them in 2022 could have foreseen the effects of geopolitical conflict. Add to the mix a myriad of new risks—from cloud-based solutions to hybrid work environments and remote work—and CISOs have a lot to deal with. CISOs can transfer some responsibility for risks to cloud and third-party vendors. Ultimately, however, they’re accountable when it comes to keeping their organisations safe.
The good news is that third-party risk is no longer a new topic. The same frameworks that CISOs use to assess their internal risk can be applied to vendors. In fact, companies with thousands of vendors often create risk-based tiering for their third-party processes. In addition, new cybersecurity solutions and features can reduce the level of effort required. With a little trial and error, CISOs can design a third-party risk program that aligns with their business needs.
In this Power Series, our panel of resident CISOs discuss:
- The impact of supply chain and third-party risk in a hybrid world
- How to identify shadow IT and reduce hidden third-party risk
- Ways to build or upgrade your third-party risk program to adapt to today’s evolving risks