The Third-Party Realm: Where the Risk Is
Recorded Future's Levi Gundert on Need for Intelligence to Combat Supply Chain Risk
Third-party risks continue to persist, even a decade after the Target breach. Third-party targeting by attackers has intensified due to the interconnectedness of the business world, enabling adversaries to exploit intermediaries for access. This extends from supply chains to code development, APIs and personal data held by organizations.
The surge in cloud adoption and containerization, while fostering agility, has added to the already-existing security challenges. "The attack surface is just expanding, and the organizations have less control over it and less visibility into it, leading to more complexity," said Levi Gundert, chief security officer at Recorded Future.
The recent SEC incident reporting regulation will add a new dimension by compelling security leaders to recognize the risks tied to third-party breaches. "The SEC has essentially said you have a limited amount of time to report," Gundert said. "What CISOs need to be focused on is the systems they manage internally and have visibility on, where the greatest risk may be. It's probably in the third- and fourth-party realm. When you have a third party that experiences a material breach, and they have your data and your information, what does that mean for you?"
In this video interview with Information Security Media Group at Black Hat USA 2023, Gundert also discussed:
- The role of intelligence in providing an inside-out and outside-in view of supply chain risk;
- How security leaders should plan future investments in the context of business risk to maximize wins;
- How Recorded Future helps its customers manage supply chain risks effectively.
At Recorded Future, Gundert leads the continuous effort to measurably decrease operational risk for clients. He has spent the past 20 years in the public and private sectors, defending networks, arresting international criminals and uncovering nation-state adversaries. He has held senior information security leadership positions across technology and financial startups/enterprises and is a trusted risk adviser to Fortune 500 companies.