Moving Beyond Compliance for Third-Party Security
CyberGRX CEO on Why Supply Chain Has Evolved Into a Risk Management Function
Over the past decade and more, people have focused on securing their own environments, and rightly so. But a majority of data breaches now involve compromise in a third-party service provider's systems.
Attacks such as Kaseya and SolarWinds have highlighted supply chain risks. They've also put the spotlight on how securing the supply chain can no longer just be considered a compliance function. It has evolved into a risk management function - simply because compliance does not equal security, said Fred Kneip, chief executive officer at CyberGRX.
"Compliance is not a means to actually secure your environment," Kneip said. "As people start to realize from a risk perspective, compliance is just a step along the way. And as they're now focusing more on their third party, they're coming with a lens of how can I manage risk down, and not just meet some compliance standard and move along?"
In this video interview with Information Security Media Group at RSA Conference 2023, Kneip discussed:
- Security changes and challenges related to third-party service providers;
- The advantages of AI and ML in third-party security;
- The need to build structured and consistent data using predictive models.
At CyberGRX, Kneip led the creation of the world's first global third-party cyber risk management exchange. Prior to joining CyberGRX, he was the chief security officer at Bridgewater Associates, responsible for leading the security and compliance departments.