The days of third-party risk management being a non-existent thing or a tick-the-box kind of exercise are fast fading, said Linda Tuck Chapman, CEO of the Third Party Risk Institute.
Since the beginning of the pandemic, those working in the cybersecurity field have focused on three or four primary areas of risk, Chapman said: business resilience, cybersecurity, the financial health of third parties and the supply chain.
“The cyber risk is just out of this world right now,” Chapman told SC Media’s Derek Johnson during an eSummit. “It's basically the whole threat landscape — working from home, so much heavier use of the internet — people are very sophisticated about stealing data and information and money.
“And they're getting better every day. So we've seen some of the most sophisticated, mass attacks ever since COVID started.”
Chapman suggested that organizations have a good segmentation strategy for determining their reliance on third parties since, when it comes to risk, it’s not always the most important business relationships that create the biggest exposure.
“It is possible for a small company to be the access point,” said Chapman. “Anybody who is trying to get in and do something nefarious is going to come in through the weakest link.”