Assessing customer risk, vendor risk and preventing cyber debacles

By John Guerra

Editor, GRC & Fraud Software Journal

As we enter 2017, the president of the United States has pledged extreme reductions in federal regulations and compliance rules. The president and his cabinet picks, several of whom are billionaires and creatures of Wall Street, have shown disdain for conflict of interest rules and eschew transparency in reporting their personal finances. Those attitudes could loosen accountability in America’s business sector, behaviorists warn.

There are other challenges facing the GRC and fraud solutions space, so we’ve asked several top companies to predict what their clients may face in the next 12 months.

Sam Abadir, LockPath

This week, Sam Abadir, director of product management for LockPath, weighs in with his thoughts.
Cybersecurity: Customers demand data security

Billions will be spent on cybersecurity by thousands of companies. Only a fraction of those companies will get the full value from their investments.

Governments, insurance agencies, consumers and more are demanding that their stakeholders keep their data safe while respecting their privacy.

Organizations, in turn, will increasingly invest in cyber tools such as SIEMs, vulnerability scanners, and threat feeds. Other companies are already building a robust governance framework to ensure their policies address risks, legal concerns and best practices.

Each element of cybersecurity is important and vital for a successful cybersecurity program. Companies, however, may overlook the duplicative and separate efforts required to manage every tool, every feed, and every component of a cybersecurity program.

This extra and unnecessary burden will slow down efforts, make reporting inefficient and ineffective, and add unnecessary complications and delays to cybersecurity programs. Those drawbacks make these programs not only more costly, but less secure.

Government will mandate cyber risk management

Cyber risk management of all disciplines will be mandated by governments, first at the industry level and then across all businesses.

Cyber criminals are here to stay. They will continue to hack into businesses and accounts belonging to celebrities, politicians, financial institutions, healthcare organizations, utilities, and just about everywhere else.

If the data is valuable, the criminals will try to steal it.

We have already seen healthcare and financial services industries create and develop rules and compliance regulations that require cybersecurity.

Because regulators are liberated from the politics that can influence their world, they often set rules before laws are widely enacted.

We should expect more industry regulators to bring cybersecurity into their management – long before highly partisan government officials make unified decisions on laws.

State legislatures will start pushing laws that require industries to protect their cyber assets. This likely will happen at an industry level first, because so many states have three or fewer dominant industries that they must protect. Many states will develop laws that are stronger than or slightly different from federal regulations, causing organizations extra consideration and extra cost in reporting.

Vendor risk management will focus on customers

Vendor risk management practices will extend to customers as vendors are fined for customer support.

Organizations will focus more on reducing risk to suppliers and customers. As companies deepen their knowledge of operational and compliance risks, they will learn how suppliers and customers add to their risks.

Everyone by now has heard about how an HVAC vendor was partially responsible for the cybersecurity breach at Target, which may have led to the theft of millions of credit card numbers and other customer account information.

It makes sense that material suppliers can impact the overall quality of goods manufacturers make. The actions of customers also can be risky to organizations that supply them with goods and services.

It’s easy to imagine Internet providers assessing customers on their propensity to download illegal content. Why shouldn’t Internet providers report or punish customers that use the Internet to perform illegal actions? After all, such behavior can point out those who are creating problems before major hacks and theft occurs.

As organizations get wiser about risk and how customers and vendors impact risk, they will act to manage that risk, including conducting assessments, monitoring key performance and risk indicators, and rationalizing their vendors and their customers.

For more about LockPath, developers of the KeyLight Platform, go here.
