Andrew Egoroff, Senior Cybersecurity Specialist, ProcessUnity

Below is an insight into what can be expected from Andrew’s session at Vendor & Third Party Risk USA 2023.

The views and opinions expressed in this article are those of he thought leader as an individual, and are not attributed to CeFPro or any particular organization.

A data leak has occurred – what risks is the institution now opened up to, and how can we mitigate this?

If a data leak has occurred within an organization’s trusted third party, that organization will most typically be exposed to 3 main risks:

• Data breaches: The leaked data may contain sensitive or confidential information, which could be used by cybercriminals to launch targeted attacks against the organization.
• Reputation damage: The data leak can harm the organization’s reputation if customers, partners, or regulators learn about it.
• Legal liability: The organization may face legal action if the leaked data contains personal or financial information that is protected under privacy laws.

To mitigate these risks, the organization can take several steps:

1. Assess the scope of the data leak: The organization should work with the third party to determine the extent of the data leak, what data was compromised, and who may have had access to it.
2. Notify affected parties: If the leaked data includes personal or financial information, the organization should notify affected customers, partners, or employees and provide guidance on steps they can take to protect themselves.
3. Review and revise contracts: The organization should review its contracts with the third party to ensure that they include appropriate provisions for data protection and breach notification.
4. Enhance security controls: The organization should work with the third party to strengthen its security controls and ensure that all systems and data are adequately protected.
5. Monitor for suspicious activity: The organization should closely monitor its systems and networks for any suspicious activity that may indicate a cyber-attack or data breach.

By taking these steps, the organization can mitigate the risks associated with a data leak from a trusted third party and protect its data and reputation.

Can we accept cyber breaches within vendors? At what point do we have to reevaluate the relationship?

Cyber breaches within vendors may occur despite best efforts to prevent them, however, they should not be accepted as the norm. Organizations must hold their vendors to high standards for data security and privacy, and vendors must be held accountable for any breaches that occur.

If an organization experiences a cyber breach within a vendor, it should reevaluate the relationship with the vendor and consider terminating the relationship if necessary. The point at which an organization should reevaluate its relationship with a vendor depends on several factors, including:

• Severity of the breach: If the breach involves sensitive or confidential information, or if it affects a large number of individuals, the organization should consider terminating the relationship.
• History of breaches: If the vendor has a history of breaches or has demonstrated a pattern of poor security practices, the organization should reevaluate its relationship and consider terminating it.
• Vendor response: If the vendor is unresponsive, uncooperative, or fails to take appropriate steps to address the breach, the organization should consider terminating the relationship.
• Legal or regulatory requirements: If the breach violates legal or regulatory requirements, the organization may be required to terminate the relationship.

In general, an organization should have a process in place for evaluating and managing vendor relationships, including regular assessments of vendor security practices and response plans for breaches. This process should also include provisions for terminating relationships if necessary to protect the organization’s data and reputation.

How can we work with vendors to mitigate cyber risks?

Working with vendors to mitigate cyber risks requires a collaborative and proactive approach. Here are some steps that organizations can take to work with vendors to mitigate cyber risks:

• Establish clear security requirements: Organizations should establish clear security requirements for their vendors and communicate them clearly. This can include requirements for data protection, incident response, and security audits.
• Assess vendor security practices: Organizations should regularly assess their vendors’ security practices to ensure they are meeting the established security requirements. This can include security audits, vulnerability scans, and penetration testing.
• Provide training and resources: Organizations should provide training and resources to their vendors to help them improve their security practices. This can include training on data protection, phishing awareness, and incident response.
• Monitor vendor performance: Organizations should monitor their vendors’ performance to ensure that they are meeting the established security requirements. This can include monitoring vendor compliance with security policies, as well as tracking vendor performance metrics.
• Develop a joint incident response plan: Organizations should work with their vendors to develop a joint incident response plan that outlines roles and responsibilities in the event of a security incident. This can help to ensure a coordinated response and minimize the impact of a security breach.
• Regularly review and update security practices: Organizations and their vendors should regularly review and update their security practices to ensure that they are adapting to new threats and vulnerabilities. This can include regular security audits and vulnerability assessments.

By working closely with vendors to establish clear security requirements, regularly assess vendor security practices, and provide training and resources, organizations can mitigate cyber risks and improve their overall security posture.

Can technology be used to keep up with the pace of change of cyber-attacks? How so?

Yes, technology can be used to keep up with the pace of change of cyber-attacks. The following are some ways in which technology can help:

• Artificial Intelligence (AI): AI algorithms can be trained to detect and respond to cyber threats in real-time. Machine learning can be used to analyze large amounts of data and identify patterns and anomalies that indicate a potential attack.
• Automation: Automation can be used to quickly respond to cyber threats and to prevent them from spreading. Automated tools can be used to monitor networks, detect threats, and take action to block or contain them.
• Threat intelligence: Technology can be used to gather threat intelligence from a variety of sources, including open-source intelligence, social media, and dark web forums. This intelligence can be used to identify potential threats and to develop effective countermeasures.
• Cloud security: Cloud-based security solutions can provide real-time threat detection and response capabilities. They can also provide scalable and flexible security controls that can adapt to the changing threat landscape.
• Endpoint protection: Endpoint protection solutions can be used to protect individual devices, such as laptops and mobile phones, from cyber threats. These solutions can provide real-time threat detection and response capabilities, as well as remote wipe capabilities in case a device is lost or stolen.

By leveraging these technologies, organizations can keep up with the pace of change of cyber-attacks and respond quickly and effectively to security incidents. However, technology alone is not enough to ensure security. Organizations must also have robust policies, procedures, and controls in place, and they must train their employees to be vigilant and security conscious.