Third Party Threat Hunters
A dialogue with leaders in Cybersecurity and Third-Party Risk Management, led by a leader in the field: Gregory Rasner (author, "Cybersecurity & Third-Party Risk: Third-Party Threat Hunting" and "Zero Trust and Third-Party Risk: Reduce the Blast Radius")
Third Party Threat Hunters Podcast: Guest Jay Bobo
Summary
In this episode, Gregory interviews Jay Bobo, the creator and CEO of Breach Siren, about third-party risk management. They discuss the challenges of using crappy and expensive tools in the space, the need for accountability from regulators and ISACs, and the financial impact of third-party risk. They also explore how cybersecurity breaches can affect other risk domains and the importance of risk identification and event notification. The conversation concludes with a plan to continue discussing other topics in future episodes.
Takeaways
- Many tools in the third-party risk management space are focused on compliance rather than security.
- Third-party risk management should not be treated as a tick-the-box exercise, but as an ongoing process of threat hunting and risk assessment.
- Regulators and ISACs play a crucial role in holding organizations accountable for third-party risk management.
- Cybersecurity breaches can have a significant financial impact and can affect other risk domains such as privacy and compliance.
- Risk identification and event notification are essential for effective breach response and mitigation.
Chapters
- 00:00 Introduction and Background
- 03:08 Crappy, Expensive Tools
- 09:14 Accountability
- 13:38 Financial Impact
- 15:02 Cybersecurity's Impact on Other Risk Domains
- 22:29 Risk Identification
- 23:13 Event Notification and Breach Response
- 26:19 Conclusion