On this episode of the CyberSpeak with InfoSec Institute podcast, Fred Kneip, CEO of CyberGRX, discusses security risks for companies that work with third-party vendors, both those that are globally focused and those closer to home.
In the podcast, Kneip and host Chris Sienko discuss:
- How did you get started in computers and security? (1:30)
- What are some of the primary security concerns that global, trans-continental companies should be looking out for? (2:45)
- What are some of the most common attack vectors being leveraged in these third-party vendor breaches? (5:05)
- What mistakes are companies making when it comes to third-party vendors? (9:05)
- How do you convince your supervisors or those in the C-suite that they need to take additional steps to strengthen supply chain security? (14:10)
- Can you explain the recent story about the Chinese military inserting a spying chip into equipment to infiltrate U.S. supply chains? (16:45)
- What steps should global companies be putting in place to reduce this type of risk? (20:40)
- Could these remedies be scaled down to smaller organizations? (23:20)
- If you had the power to enact legislation to prevent or minimize these types of attacks, what would you propose? (25:40)
- Tell us about your company CyberGRX. (27:40)
- Where do you see the next wave of cybercrime coming from? (29:35)
Want to learn more about third-party risk? Download our free whitepaper, “A Breach-Prevention Roadmap: Managing Third-Party Security Risks”: https://www2.infosecinstitute.com/third-party-risk
About CyberSpeak with InfoSec Institute
Get security awareness and IT training insight direct from the trenches in this weekly podcast hosted by InfoSec Institute’s Chris Sienko. Each week on CyberSpeak with InfoSec Institute, IT and security practitioners share their insights into a new topic, including security awareness, IT and security careers and keeping organizations safe from cybercrime.