While conventional approaches to third-party risk management remain unchanged, the industry is transitioning to a new "normal," says RiskRecon CEO Kelly White.
"The way companies manage internal cybersecurity risk is very data-driven today," he says. "Compare that with the way third-party risk is managed, and they are very far apart. The techniques used internally inform where third-party risk management will go."
In a video interview with Information Security Media Group at RSA 2020, White also discusses:
- The evolving third-party risk surface;
- Key pain points for organizations and recommendations;
- The new "normal" for third-part risk management.
White is the co-founder and CEO of RiskRecon. He previously served in various enterprise security roles, including CISO and director of information security for financial services companies. White was also practice manager and senior security consultant for CyberTrust and Ernst & Young.