3rd Party Risk Management , Events , Governance & Risk Management

Moving Beyond Compliance for Third-Party Security

CyberGRX CEO on Why Supply Chain Has Evolved Into a Risk Management Function
Fred Kneip, CEO, CyberGRX

Over the past decade and more, people have focused on securing their own environments, and rightly so. But a majority of data breaches now involve compromise in a third-party service provider's systems.

See Also: Breaking Down Silos With a Holistic View of Security, Risk

Attacks such as Kaseya and SolarWinds have highlighted supply chain risks. They've also put the spotlight on how securing the supply chain can no longer just be considered a compliance function. It has evolved into a risk management function - simply because compliance does not equal security, said Fred Kneip, chief executive officer at CyberGRX.

"Compliance is not a means to actually secure your environment," Kneip said. "As people start to realize from a risk perspective, compliance is just a step along the way. And as they're now focusing more on their third party, they're coming with a lens of how can I manage risk down, and not just meet some compliance standard and move along?"

In this video interview with Information Security Media Group at RSA Conference 2023, Kneip discussed:

  • Security changes and challenges relate to third-party service providers;
  • The advantages of AI and ML in third-party security;
  • The need to build structured and consistent data using predictive models.

At CyberGRX, Kneip led the creation of the world's first global third-party cyber risk management exchange. Prior to joining CyberGRX, he was the chief security officer at Bridgewater Associates, responsible for leading the security and compliance departments.

About the Author

Mathew J. Schwartz

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe, ISMG

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.eu, you agree to our use of cookies.