Third-party cybersecurity monitoring: Tips for keeping vendors honest

Rudy Patel, head of TPRM at financial services firm Mizuho Americas, said any outsourcing of operations, application development, or any other services brings with it third-party risk and raises many questions.

“How do we know the third party’s environment is secure? How do you get comfort the information you entrusted to that third party is secure? How do you know its security program hasn’t lapsed from the time you’ve done an assessment to present?” Patel asked.

Moreover, “Cybersecurity has a tendency of cascading and triggering other risks,” said Nasser Fattah, senior advisor at Shared Assessments, a member-driven consortium that delivers secure and resilient third-party partnerships. A ransomware attack, for example, can create an enterprise-wide system outage, which can then interfere with business continuity.

Such concerns speak to the importance of a cybersecurity monitoring strategy.

“A cybersecurity monitoring strategy is critical to identifying precursors to an attack,” said Brian Peister, cyber and IT TPRM global officer at U.S. bank BNY Mellon. Continuous monitoring “keeps your vendors honest about keeping their performance honest against…
