MasterSnacks: Cybersecurity - Third-Party Crashers: Avoiding Service Provider Risk Headaches
•
0 likes•302 views
Sign up for our weekly MasterSnacks courses here: https://www.citrincooperman.com/infocus/mastersnacks MasterSnacks, our C-Suite Snacks spin-off, brings you a series of topic-specific courses, using our snack-sized sessions to go in depth on content important to you. Join MasterSnacks live every Wednesday at noon for live exclusive sessions. As your business wages war against cyber criminals, you must combat the vulnerabilities posed by your own third-party service providers. Your external providers must be held accountable in order to keep your business safe and secure. During Session 1 of our MasterSnacks:Cybersecurity series, we covered more about mitigating third-party risks by evaluating and managing your service providers. Key takeaways included: - Third-party risk evaluation and management systems - Strategies to mitigate risk - The value and difference between SOC Reports
Recommended
Recommended
More Related Content
What's hot
What's hot (20)
Similar to MasterSnacks: Cybersecurity - Third-Party Crashers: Avoiding Service Provider Risk Headaches
Similar to MasterSnacks: Cybersecurity - Third-Party Crashers: Avoiding Service Provider Risk Headaches (20)
More from Citrin Cooperman
More from Citrin Cooperman (20)
Recently uploaded
Recently uploaded (20)
MasterSnacks: Cybersecurity - Third-Party Crashers: Avoiding Service Provider Risk Headaches
- 1. Third-Party Crashers: Avoiding Service Provider Risk Headaches May 12, 2021 | MasterSnacks Webinar Series
- 2. Welcome & Introduction KEVIN RICCI, CISM, CISA, CRISC, MCSE, QSA Principal, Technology, Risk Advisory & Cybersecurity (TRAC) Practice Citrin Cooperman kricci@citrincooperman.com 401-421-4800
- 3. AGENDA Stats and Facts 01 Real - Life Example 02 Avoiding Ser vice Pr ovider Risk 03 Questions? 04
- 4. Once More Unto the Breach
- 5. Data Breach Statistics Global Average Cost per Breach: $3.86M Average Cost per Record Compromised: $146 Average Days to Detect a Breach: 207 Average Days to Contain a Breach: 73 Average cost of downtime is $11,600 per minute Average cost of a breach is 39.6% higher if a company is not prepared 43% of Cyber Attacks Target Small Businesses Sources: Ponemon Institute/IBM Cost of a Data Breach Report & Verizon Data Breach Investigation Report
- 6. Third-Party Security Statistics Over 53% of respondents have experienced a third- party data breach in the past 2 years 58% of respondents described their TPCRM programs as early (not deployed) or middle stage (only partially deployed) Only 24% of respondents say their organizations collaborate with third parties to improve their security measures. 56% of respondents say their organizations require some of their third parties to be subject to a more thorough assessment of their security practices. Less than 50% of respondents say their organizations earmark funds to support its third-party cybersecurity risk management program. Sources: Ponemon The Cost of Third-Party Cybersecurity Risk Management Report
- 7. Third-Party Risk Management: Overview • What are some examples of third-party service providers? • Technical support providers • Cloud-based financial applications • Security monitoring • Email • Data backup solutions • What is third-party risk management?
- 8. Third-Party Risk: We’re All a Target
- 9. Third-Party Risk Management: Inventory and Risk Profile • Identify all third-party service providers • Utilize business stakeholder surveys, accounts payable vendor listings, and legal and/or procurement contract databases • Inventory each third-party service provider and collect supplemental documentation • Determine the risk profile
- 10. Third-Party Risk Management: Vendor Assessments • Require vendor due diligence questionnaires to determine their ability to keep your data secure
- 11. Third-Party Risk Management: Monitoring, Disruption and Policies • Monitoring • Frequency • Triggers • Third-party disruption • COVID • Migration to another provider • Develop policies and procedures • Elements include onboarding, the assessment processes, monitoring and offboarding
- 12. Third-Party Risk Management: SOC Reports • Overview • Provides detailed information and assurance about controls at a service organization. • Developed by the American Institute of CPAs • Versions • SOC 1, SOC 2, SOC 3 • Type1, Type 2
- 13. Third-Party Risk Management: SOC Reports • Trust Services Principles • Security 32 Criteria • Availability 3 Criteria • Confidentiality 2 Criteria • Processing Integrity 5 Criteria • Privacy 18 Criteria • Obtaining and reviewing the SOC report • Complementary user entity controls
- 17. Questions? KEVIN RICCI, CISM, CISA, CRISC, MCSE, QSA Principal, Technology, Risk Advisory & Cybersecurity (TRAC) Practice Citrin Cooperman kricci@citrincooperman.com 401-421-4800
- 18. Thank You F o r Wa t c h i n g & L i s t e n i n g UPCOMING MASTERSNACKS: CYBERSECURITY WEBINARS: DISASTER RECOVERY: HOPING FOR THE BEST BUT PLANNING FOR THE WORST May 19, 2021 | 12:00 PM ET/9:00 AM PT PLAYING OFFENSE – A PROACTIVE APPROACH TO CYBERSECURITY May 26, 2021 | 12:00 PM ET/9:00 AM PT