Recorded: August 26, 2021
Data breaches are one of the world’s biggest cybersecurity threats for organizations of all sizes. A recent survey conducted by the Ponemon Institute revealed that 59% of organizations have experienced one or more data breaches caused by a third party, costing an average of $7.5 million to remediate. Incorporating current threat intelligence is critical to building and maintaining an effective third-party risk program.
A successful third-party risk program should provide comprehensive threat intelligence to empower teams to understand and take action against potential risks by monitoring for key indicators, including data leakage, incident reports, domain abuse, email security, vulnerable infrastructure, web application security, dark web attention and breach intelligence. Join this expert panel discussion to learn how to determine the risk of third parties by applying threat intelligence, including how to:
- Understand inherent risk and how that risk impacts our third party’s security
- Assess third parties to identify, prioritize, and mitigate gaps in their security control implementation
- Map out hacker workflows (kill chains) for identified attack scenarios
- Continuously monitor and update everything in relationship to the current threat landscape
Moderator
Colin Whittaker, PCI Industry Alumni, Founder and Director Informed Risk Decisions Ltd. Colin has been instrumental in driving forward a risk and security strategy for payments over the last 15 years since he retired from the military in 2001, and took up the role of Head of Security at APACS. Whilst there he was one of the first people to be elected to the PCI SSC Board of Advisors where he was always keen to try and promote the differences in threat between Europe and UK, and the US. Since that election he hasn't moved far from the PCI domain. In 2010 he moved to Visa Europe and became the Vice President Payment System Risk with responsibilities for designing and operating the Visa Europe PCI compliance strategy for European merchants and service providers. He was also responsible for coordinating Visa Europe's approach to cardholder data breaches in Europe, and for the changes to the Visa Europe Compliance strategy through the creation of the Technology Innovation Programme which gave the very first PCI DSS compliance relief for EMV chip accepting merchants. In 2015 he went independent and currently provides cyber security risk consultancy services to a wide range of public and private companies. Colin has presented on Information Security at major events around the world, and has published a number of papers on security.
Panel
Alastair Parr, Senior Vice President, Global Products & Risk at Prevalent. Alastair is responsible for ensuring that the demands of the market space are considered and applied innovatively within the Prevalent portfolio. He joined Prevalent from 3GRC, where he served as one of the founders, and was responsible for and instrumental in defining products and services. He comes from a governance, risk and compliance background, developing and driving solutions to the ever-complex risk management space. He brings over 12 years’ experience in product management, consultancy and operations deliverables. Earlier in his career, he served as the Operations Director for a global managed service provider, InteliSecure, where he was responsible for overseeing effective data protection and risk management programs for clients. Alastair holds a university degree in Politics and International Relations, as well as several information security certifications.
David Klein, Senior Director of Product Strategy at ProcessUnity. David has more than 20 years’ experience in product management and strategic roles for leading technology providers. In his past roles at Pitney Bowes, Invoke, and Brainshark, David launched digital products and SaaS businesses across the globe while also driving product and feature development and forging innovation across mobile, eLearning/mLearning, and cloud-based landscapes. David is responsible for keeping his finger on the pulse of the marketplace and delivering high-value risk and compliance solutions. In his role, he defines ProcessUnity’s overall strategic direction.
Jason Steer is a Principal Security Strategist at Recorded Future, where he’s responsible for employee education & awareness and for monitoring our key technology partners, and is a member of the CSIRT. He has previously held positions at a number of successful security companies over the past 15 years, including IronPort, Veracode, and FireEye. Jason’s expert commentary has been featured in BBC, CNN, and Al Jazeera, and he has worked with both the EU and UK Governments on cyber security strategy. Jason holds a Degree in Management Information Systems.
Alex Valdivia, Principal Threat Analyst at ThreatConnect. Alex Valdivia is Principal Threat Analyst at ThreatConnect, where he helps translate threat intelligence tradecraft into large-scale analytics that provide insight and context to security teams. Previously, he led the ThreatConnect Research Team, a group of globally-acknowledged cybersecurity experts dedicated to tracking down existing and emerging cyber threats. Alex has spoken at DEF CON Skytalks, B-Sides Las Vegas, the National Initiative for Cybersecurity Education (NICE) conference, and has been a guest lecturer for threat intelligence courses at Johns Hopkins University, Metropolitan State University, and the University of South Florida.