Our Findings From ISSA-LA Summit 8

Another successful year passes and, by all accounts, the reports are superb. ISSA-LA’s 8th Annual Information Security Summit saw expert keynote speakers, a variety of cutting-edge educational tracks geared toward different audiences, and informative, interactive training sessions. Companies and industry peers rubbed shoulders at the premier information security event in Los Angeles.

As a wrap-up to the event, DatumSec colleagues joined together to offer their views on some of the key takeaways gathered from Summit 8. Here’s what we discovered and deliberated about.

What’s the connection between avocados and 3rd-party risk?

We toyed with ideas that involved bugs and disease – neither of which made the fruit very appetizing. Who knew… “Philosophy of Avocados”? The avocado seed represents the core to continuous growth – a better angle, but still a difficult tale to tell in connection with automating 3rd-party risk. Could this represent a company's boundless web of 3rd-party vendors and contractors, each with their own 3rd-party vendors and contractors, and the reach of data breaches? We tried hard to find a solution, but the custom-made crates, each with two avocados, disappeared well before we could come up with the perfect story.

Even though a solid connection was not established, our time here was not entirely wasted. We did have many, many conversations about 3rd-party risk, the challenges associated with getting a grasp on it, and the necessity to find a way to scale beyond just a handful of assessments. Here are a few insights and statements we captured during these conversations:

Crossing the 3rd-party chasm

Our CEO, Jonathan Niednagel, weighs in with his statement: “I can see an illustration showing a large chasm with the IT/Security professional on one side and ‘security’, in some representation, on the other side. There is an attempt to bridge the chasm with ‘security measures’ and another attempt to bridge the same gap with ‘cyber insurance’ where both fall short independently,” he adds.

Connection between 3rd-party risk and cyber insurance

Next, Michael Schell, VP of Business Development, takes the baton: “The importance for security professionals to understand cyber insurance has never been more critical. 1st- and 3rd-party coverage has proven somewhat confusing for many organizations,” he adds. “It appears chasing after malware may be less important than performing industry-accepted due diligence. Get breached by a third party for something simple, and your organization can be left holding the bag.”

Competing priorities: Do you accept your 3rd-party risk?

Our CTO, Harry Wan, made this observation: “I noticed fellow sponsors—an ‘anti-ransomware’ company and another company promising APT protection—both looking to help organizations achieve better levels of protection for their own company. Clearly, scalable 3rd-party vendor risk management—the process of ensuring that the ‘rest of your vendors’ are secure—is competing with these other priorities. I think that after many ‘hype cycles’, CISOs and CFOs are weary of expensive solutions that have over-promised in the past; these folks are more skeptical of today’s solutions.”

Food for thought

This certainly gives us food for thought: Who actually has the right conditions, harvest time and serving suggestion with 3rd-party risk? We could certainly point you in the right direction. Might we suggest this is one place you could look?

http://www.datumsec.com/third-party-risk-assessment-solution/

As you’re browsing our site, we’d like to thank the ISSA-LA board of directors for bringing so many amazing InfoSec people together in one location. It was a pleasure to meet executives, admins and managers from all walks of business life.

See you at the next event!

If you’re interested in the topic of 3rd-party risk and cyber insurance, be sure to register for our webinar with Stroz Friedberg.