It’s the Service Providers You Value the Most That Hurt You the Worst

Dave Snyder - Service Provider Risk

No man is an island. The same can be said about your business. Your organization relies on countless people for its survival, let alone its success. Ironically, many of these contributors work for someone else. Suppliers, vendors, consultants, contractors, and other service providers deliver tremendous value to organizations. Unfortunately, these service providers also pose significant risk, especially when you exchange PII, PHI, IP, and other sensitive information.

While you have state-of-the-art technology solutions that prevent malicious cyberattacks and data breaches, you can’t vouch for your service providers’ security capabilities (or lack thereof). So you may be able to repel attackers at your firewall, but you can’t prevent them from island hopping into your organization through your service providers.

CISOs mitigate this third-party cyber risk to varying degrees. Service contracts, security attestations, and continuous oversight are some strategies that CISOs employ. There’s no silver bullet, however, so CISOs must consider a variety of strategies to protect their intellectual property when it’s shared with service providers.

 

I recently sat down with Dave Snyder, Chief Information Security Leader for Independence Blue Cross, to learn about one of his biggest concerns. In this video, Dave discusses the challenge of keeping PHI and other proprietary information safe from unauthorized access when it’s shared with so many service providers.

CISO Perspectives is a blog series featuring conversations with chief information security officers from different industries. Each blog features a unique perspective on a variety of topics pertinent to the CISO profession and career. Visit our CISO Perspectives page for more blogs and videos.

