3rd Party Risk Management , Governance & Risk Management , Video

The Third-Party Realm: Where the Risk Is

Recorded Future's Levi Gundert on Need for Intelligence to Combat Supply Chain Risk
Levi Gundert, chief security officer, Recorded Future

Third-party risks continue to persist, even a decade after the Target breach. Third-party targeting by attackers has intensified due to the interconnectedness of the business world, enabling adversaries to exploit intermediaries for access. This extends from supply chains to code development, APIs and personal data held by organizations.

See Also: User Entity & Behavior Analytics 101: Strategies to Detect Unusual Security Behaviors

The surge in cloud adoption and containerization, while fostering agility, has added to the already-existing security challenges. "The attack surface is just expanding, and the organizations have less control over it and less visibility into it, leading to more complexity," said Levi Gundert, chief security officer at Recorded Future.

The recent SEC incident reporting regulation will add a new dimension by compelling security leaders to recognize the risks tied to third-party breaches. "The SEC has essentially said you have a limited amount of time to report," Gundert said. "What CISOs need to be focused on is the systems they manage internally and have visibility on, where the greatest risk may be. It's probably in the third- and fourth-party realm. When you have a third party that experiences a material breach, and they have your data and your information, what does that mean for you?"

In this video interview with Information Security Media Group at Black Hat USA 2023, Gundert also discussed:

  • The role of intelligence in providing an inside-out and outside-in view of supply chain risk;
  • How should security leaders plan future investments in the context of business risk to maximize wins;
  • How Recorded Future helps its customers manage supply chain risks effectively.

At Recorded Future, Gundert leads the continuous effort to measurably decrease operational risk for clients. He has spent the past 20 years in the public and private sectors, defending networks, arresting international criminals and uncovering nation-state adversaries. He has held senior information security leadership positions across technology and financial startups/enterprises and is a trusted risk adviser to Fortune 500 companies.


About the Author

Tom Field

Tom Field

Senior Vice President, Editorial, ISMG

Field is responsible for all of ISMG's 28 global media properties and its team of journalists. He also helped to develop and lead ISMG's award-winning summit series that has brought together security practitioners and industry influencers from around the world, as well as ISMG's series of exclusive executive roundtables.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.com, you agree to our use of cookies.