In this Help Net Security video, Jeffrey Wheatman, SVP and Cyber Strategist at Black Kite, discusses how organizations can identify and manage third-party cyber exposures before attackers exploit them.
He argues that businesses should move beyond a data-loss mindset toward one centered on resilience, meaning keeping operations running when vendors or partners get hit.
Wheatman walks through practical steps: engaging business stakeholders early, scoping which third parties are business critical, retiring outdated questionnaire-based assessments, and running quick pre-assessments tied to data sensitivity and breach history. He covers concentration risk, cascading exposures from fourth and fifth parties, and governance gaps that leave key decisions unowned.
Download: 2026 SANS Identity Threats & Defenses Survey
