Videos

Vendor risk management is rapidly evolving. Innovation in vendor risk management is driven by the increasing frequency of third-party breaches and the growing consequences of breaches.

60%+ of data breaches are caused by third parties. The repercussions extend far beyond financial losses, leading to class-action lawsuits and irreparable damage to brand reputation.

Traditional approaches, such as annual security assessments, are no longer enough, and organizations need to take a more proactive approach to managing vendor risk. By using AI to improve security assessments and continuously monitor Internet-facing attack surfaces, businesses can fortify their defense mechanisms and stay ahead of emerging threats.

How do you envision the future of vendor risk management evolving in response to the escalating cybersecurity risks?

1 0

Learn about best practices in third-party risk management in the healthcare industry, tactics to verify the security of vendor networks, and the use of AI to enhance security posture. Join Mike Kelly, CEO of ProcessBolt, and Derrick Lowe, Chief Security Officer of Orlando Health, as they discuss how continuous monitoring and real-time threat detection are crucial for effective third-party risk management. They discuss the limitations of point-in-time risk assessments and self-attestation, highlighting the need for technology to augment the assessment process. The integration of AI, continuous monitoring, and automated assessments is seen as the key to achieving true verification of vendor network security.

Chapters
0:00 Introduction and Background
1:17 Best Practices in Third-Party Risk Management
4:31 Limitations of Point-in-Time Risk Assessments and Self-Attestation
6:24 The Role of Technology in Augmenting the Assessment Process
8:18 The Importance of True Continuous Monitoring
10:44 Enhancing Vendor Network Security with AI
12:42 Real-Time Monitoring and Gap Filling in Technology Selection
14:10 Conclusion: Best Practices and Verification

1 0

The Change Healthcare breach reinforces the importance of effective vendor risk management in healthcare. The breach has impacted hospitals financially and disrupted their ability to provide patient care, highlighting vendors' critical role in healthcare delivery and the consequences of third-party breaches.

Hospitals need to take a more proactive approach to managing vendor risk to identify weaknesses for vendors before exploitation. An integrated attack surface management program, coupled with comprehensive risk assessments and AI-driven document analysis, could have potentially alerted organizations to weaknesses that the hackers ultimately exploited.
Such comprehensive vendor risk management strategies must become standard practice in healthcare and other industries.

What additional cybersecurity measures can your company implement to protect itself?

1 0

President Biden's 2025 proposed budget allocates $1.4 billion for hospitals to improve their cybersecurity. This reflects the increasing urgency to safeguard healthcare systems from cyber threats.

One of the key objectives of this funding is to help hospitals improve their vendor risk management strategies. The surge in cyberattacks targeting hospitals, particularly through vendor networks, reinforces the need for proactive measures to mitigate risks and strengthen resilience.

As the healthcare sector grapples with escalating cybersecurity challenges, initiatives like these are crucial steps toward fortifying defenses and ensuring patient data integrity.

1 0

*Summary*
In this conversation, Greg Chan, retired senior manager of cybersecurity for Paul Hastings, discusses the emerging themes and risks in the legal industry, particularly in vendor risk management. He highlights the growing focus on third-party risk and the challenges law firms face in ensuring the security of client data. Greg emphasizes the need for law firms to mature their third-party risk management programs and comply with client requirements. He also discusses the shift from point-in-time risk assessments to continuous monitoring. Greg concludes by emphasizing the real business impacts of insufficient controls and the need for law firms to prioritize information security.

*Takeaways*
- Law firms are increasingly focusing on third-party risk management, particularly concerning the security of client data.

- The legal industry is still maturing its vendor risk management programs, with some firms at the beginning stages and others already implementing programs.

- Law firms that do not adequately manage vendor risk may be exposed to risks such as class action lawsuits and the exposure of client and personal data.

- Certifications alone are no longer sufficient, and law firms need to go beyond certifications and implement continuous monitoring and enforce policies.

*Chapters*
0:00 Introduction and Background
2:38 Emerging Themes and Risks in the Legal Industry
7:15 Maturity of the Legal Industry in Vendor Risk Management
10:20 Risks Faced by Law Firms with Inadequate Vendor Risk Management
15:03 The Shift from Certification to Continuous Monitoring
20:26 The Importance of Policy Enforcement and Integration with Procurement
25:20 Advice for Law Firm Vendors
26:51 Real Business Impacts of Insufficient Controls
28:08 Conclusion

3 0

Check out Mike Kelly, CEO of ProcessBolt, as he discusses the latest trends in Third-party Risk Management at ViVe 2024.

1 0