Tips for Implementing a Good Third-Party Risk Program
Panorays' Matan Or-El on Taking a Holistic Approach to Working With Outside Vendors
Attackers are targeting the weakest link in the supply chain. Because every vendor poses a risk, you need to classify them by risk and track all the data they manage. Third-party risks could range from a law firm with sensitive client data to a flower delivery company. One bank vetted its florists because they know the most important people in the bank and the most valuable customers.
A third-party risk program needs a holistic view of third parties and a way to automate the whole life cycle of a supplier engagement, said Matan Or-El, co-founder and CEO of Panorays. Organizations should classify risk using internal and external data to align it with the organization's risk appetite. For critical vendors, organizations should conduct continuous monitoring.
In this video interview with Information Security Media Group at Infosecurity Europe 2023, Or-El discussed:
- The importance of classification, onboarding and continuous monitoring in third-party risk management;
- The benefits of widespread automation to replace manual approaches;
- Why every security tool needs to adopt AI methodologies.
At Panorays, Or-El uses his entrepreneurial background to address untapped markets in building enterprise-focused security solutions. He combines his technical background with business leadership and vision to help improve the industry's cyber resilience. Or-El established his first startup at age 18.