Strategic Pitfalls in Third-Party Risk Management


Session Preview
Denver CISO Executive Summit

Kelly White

Co-founder and CEO

RiskRecon, a Mastercard Company

Chris McLaughlin

Chief Information Security Officer

Johns Manville

Steven Lovaas

CISO

Colorado State University

APRIL 2023

Today, nearly every organization is struggling with how to manage cyber risks. Remote work, sophisticated attack methods and an increase in vendor networks have changed the threat landscape, limiting security leaders’ visibility into cyber threats. To keep enterprise data and information safe, many CISOs are relying on third parties, but this can present additional challenges, as they must identify partners they can trust and convince the business to invest in these areas. How can CISOs initiate effective third-party risk management during this time of increased vulnerability?

At the upcoming Denver CISO Executive Summit on May 24, Kelly White, Co-founder and CEO of RiskRecon, a Mastercard Company, will be leading an Executive Boardroom on “Strategic Pitfalls in Third-Party Risk Management.” Chris McLaughlin, Chief Information Security Officer at Johns Manville and Co-Chair of the Denver CISO Community, and Steven Lovaas, CISO at Colorado State University and Governing Body Member of the Denver CISO Community, will be helping to facilitate the discussion. During this session, CISOs will address common failings across third-party risk management programs, how executives can provide strategic direction for third-party risk teams, and key practices to look out for when assessing vendor risk firms.

Ahead of the session, Kelly is sharing why CISOs should elevate their approach to third-party risk management and gain full visibility into, and understanding of, the threats that come from a digital supply chain.

Kelly White is the co-founder and CEO of RiskRecon, a cybersecurity risk ratings company that enables third-party security risk management. Prior to founding RiskRecon, Kelly held various enterprise security roles, including CISO and Director of Information Security for financial services companies. Kelly was also practice manager and senior security consultant for CyberTrust and Ernst & Young.
 

What are some challenges CISOs face when it comes to third-party risk management?

Staffing issues are always a problem for security and risk teams, but third-party risk management is still not seen as a priority area among most programs, even though research has shown that financial losses from third-party breach events can reach tens of millions of dollars. Using antiquated vendor assessment techniques takes too much time and strains an already thin third-party risk management (TPRM) team. Building the case to make TPRM a priority has become a common problem area for many executives looking to strengthen their vendor risk team.
 

Why is it critical for the Evanta CISO Community to have this conversation now?

Now more than ever, third-party risk management is a challenge that all organizations are struggling to handle. Can you properly assess the security standing of every vendor while meeting the demands of the business? Can you onboard vendors quickly and safely? Can you stay secure from 4th and 5th parties? All these questions and many more are commonplace from TPRM practitioners. As businesses scale up their vendor ecosystem, it’s harder than ever to keep your business safe. 
 

What are you most looking forward to about the session?

I’m looking forward to discussing the current and future state of third-party risk management with leading security executives who have varied opinions and thoughts on how programs can better manage vendor risks. 

Join this conversation with Kelly White of RiskRecon, a Mastercard Company, at the Denver CISO Executive Summit on May 24, and join your local community to connect with like-minded security leaders on the most critical issues impacting CISOs today.
 

Special thanks to RiskRecon, a Mastercard Company.
