Critical Factor: Understanding Cybersecurity Risk and Exposure When Evaluating a Partnership

The Cybersecurity Midwest Summit 2022, hosted by CDO Magazine and ComSpark, invites security leaders from various industries to discuss cybersecurity as a genre. In the session titled "Understanding Cybersecurity Risk and Exposure When Evaluating Partnerships," the following panelists discuss the importance of proper partnerships amid rising cybersecurity risks:

  • Gaby Batshoun, President & Founder, Global Business Solutions (GBS)
  • Oksana Shmaliy, Director, Cyber GRC and IAM, Grange
  • Kirk Ball, E.V.P. and Chief Information Officer, Giant Eagle

TJ Beier, Strategic Account Executive at Global Business Solutions (GBS), moderates the session.

In her opening remarks, Shmaliy claims that organizations today rely on combinations of vendors they engage with and the values they add. “If your vendor does not have the same cybersecurity regimen as the company, you are bringing that risk into your space,” she emphasizes.

Ball concentrates on two partnership categories:

  • Vendor collaborations
  • Business partnerships

He claims that while speaking with third parties, business partners must understand their security framework, architectural framework, and fundamental concepts.

Additionally, Ball maintains that choosing the correct partner is crucial because a single security vendor cannot meet all security requirements. He urges firms to consider various risk-occurrence scenarios and move at a pace that matters for business.

Moreover, Shmaliy refers to the “fourth-party risk” vendors bring with them through their partnerships or ordinances. “It is important that your partner is upfront about getting into a government risk compliance space for cybersecurity,” she adds.

The speaker recommends having a team of individuals who are knowledgeable about security and technology and who can pose the appropriate questions to a partner or potential provider to reduce risk.

Next, Shmaliy advises developing a relationship with vendors because, in the event of a breach, the organization is also held accountable. She also supports training the staff about software integration across the entire organization.

To ensure security, Batshoun advises companies to research all aspects of solutions before purchasing hardware, software, or solutions.

Ball agrees with Batshoun's opinion and adds that the business should ask its third-party partners to help its employees understand the solution.

Regarding the changing security landscape, Ball says, “Being contextually aware of the organization within which you operate, being contextually aware of the legal requirements and the changing landscape from a legal perspective, understanding the objectives that your team members or your business partners are trying to accomplish — each is critical to ensure secure implementation.”

Further, Shmaliy advises businesses to invest in identity and access management because it serves as the gateway to all systems, including those of partners. Additionally, Ball uses the COVID era as an example, citing a surge in sales from 3% to 25%. The sturdy foundation made the scaling possible, he says.

“You have to make sure that your security folks understand technology. It is very beneficial when you have people that have cross-pollinated over the years — then the ability to understand different disciplines within technology is impressive,” Ball notes.

Advancing that point, Shmaliy shares that she believes government risk compliance practices are the best to follow when working with business partners.

Ball places a strong focus on fostering favorable work relationships and being well-educated. When the board supports organizational security measures, it paves the way for everyone else to join, he notes.

In conclusion, Batshoun emphasizes the value of education from a top-down approach throughout the organization. He views phish campaigns as beneficial since they provide an idea of the number of people who require cybersecurity training.
