The purpose of the GRF Summit on Third-Party Risk was to increase awareness of security best practices, offer an opportunity for collaboration among third-party vendors and organizations’ risk management teams, and provide a platform for security leaders to share expertise and learn from each other to improve holistic security.
The Summit offered education and networking on the critical cyber and physical security issues facing organizations, their vendors, and the areas where the two groups intersect.
Attendees at the event were CIOs/CISOs, Cyber and Physical Security Risk Management, Network Security and Compliance Teams within ISAC/ISAO Member Organizations, and third-party vendors/suppliers serving those organizations that need to ensure confidentiality, integrity, and availability of client systems.
Ongoing education and greater awareness are key to mitigating risk, as executives are starting to view security expenses as “pay now or pay more later.” Therefore, it is important that security leaders share their collective best practices and experience to help enhance critical security programs.
In its first iteration, this event was held by Aetna to educate its vendors on the threat landscape, Aetna’s policies and needs, and actionable recommendations for security improvements. Last year the Health ISAC (H-ISAC), formerly NH-ISAC, held the event and expanded on Aetna’s work to include many healthcare companies and vendors. Realizing that the need for increased security and stronger relationships is not industry specific, H-ISAC and its member organizations suggested that the Global Resilience Federation (GRF) take ownership of the event as a cross-sector summit to include the members and vendors of eight different information sharing communities. H-ISAC, Financial Services ISAC, Legal Services ISAO, Oil and Natural Gas ISAC, Energy Analytic Security Exchange, Retail Cyber Intelligence Sharing Center, National Retail Federation’s Retail ISAO, and Multi-State ISAC urged their member organizations to encourage security, risk management, and compliance staff and third-party vendors to attend.
The relationship between organizations and their third-party vendors is a critical one, but also one of increasing complexity from a cybersecurity, management, and compliance perspective. The growth of cybercrime and the expansion of regulation coming from entities like the New York State Department of Financial Services and the European Union make it even more critical for companies’ risk management and compliance staff to work closely with vendors.
Stay tuned for more information on the 2019 Summit taking place September 30 to October 2!