Over the last 12 months, cyber security breaches arising from compromising third parties have featured in the headlines. Previously, most organisations had given little thought to their reliance on third parties for critical services, software, and the protection of sensitive information. As such, in many cases the issue has flown largely under the radar.

A compromise via a third party is now an increasingly common attack vector. This is due to the fact that the smaller third parties often hold critical data and an attack on one third party can quickly be leveraged as an attack on all its customers. Additionally, some smaller third parties do not have best-practice cyber security capabilities in place.

Security Frameworks such as NIST and ISO 27001 have long identified risks arising from third parties. CIOs need to move quickly to identify, assess, and mitigate risks from their third parties. This article provides some recommendations that will assist in managing these risks.

Existing Client Login

This advisory paper is only available to IBRS advisory clients. To find out more about becoming an IBRS advisory client complete the attached form and we will be in touch.

Please let us know your name.
Please let us know your email address.
Please enter a valid phone number
Invalid Input
Invalid Input

Read more ...

Philip Nesci

About The Advisor

Dr. Philip Nesci

Dr. Philip Nesci is an IBRS advisor specialising in digital transformation, Cloud strategy and analytics, cyber resilience and risk management, and large scale program management. Philip has an extensive track record as a CIO and an Executive in global commercial organisations such as Shell, Orica and China Light and Power, where he has orchestrated and delivered major organisational transformations enabled by technology. More recently as CIO of Monash Health and the Australian Red Cross Blood Service, Philip has focused on the Health sector and in Government leading a number of programs which have significantly reshaped the customer experience and engagement, underpinned by cyber resilience. Philip’s approach to strategy development and implementation is achieved through strong leadership and extensive engagement with Boards and Executives. Philip’s blend of business and technology experience across a wide range of industries and enhanced by working extensively in Australia, Europe, Asia and the USA, provides him with unique understanding in successfully planning and executing digital strategies to reshape business.