Guarding against third-party risks amid an evolving cybersecurity landscape


The constantly evolving landscape of new threat vectors and security vulnerabilities makes getting cybersecurity right a complex undertaking. In many cases, the weak link is human, and even senior executives have found themselves tricked through social engineering, said Stephen Barnham, a senior technology leader in the Banking and Financials Service Industry (BFSI).

According to Barnham, a General Manager at a multi-national organisation was once tricked by someone purporting to be the CEO to transfer tens of thousands of dollars for a non-existent company initiative.

While the natural propensity might be to dismiss or ignore potential cybersecurity weaknesses as something that will not happen to us, Barnham urged businesses to establish a culture of awareness around cybersecurity and to make it everyone's responsibility.

The risks from without

As the world becomes more interlinked and businesses digitalise, one growing risk is undoubtedly from third-party organisations. As digital systems are increasingly integrated, including with external vendors and partners, this can lead to a variety of cybersecurity breaches, including bad actors gaining entry through them. Silvia Thom, who was formerly the CTO at Zalora, shares that vendor security is a common problem.

"You send out a security questionnaire [to the third party] and you get back the answers. There's that pressure to get the contract from the other side. And, you know, if it's a two, three-year-old vendor, how much security could they have built up?" said Silvia.

A better way with Cyber Sierra

This is where Cyber Sierra can make a difference, says Anagat Pareek, ex-CISO of Paytm.

"Cyber Sierra can be deployed to scan the network and upload the report. Vendors don't want to buy another commercial solution - Cyber Sierra will also help them become more secure and give the clients they work with the confidence that they're dealing with a secure organisation. It's a win-win situation," he said.

Edwin Tan, Head of Information Security at Julius Baer concurred: "Cyber Sierra can provide efficient due diligence of a vendor setup based on measurable criteria. This allows us to take quick proactive action in working with the vendor to address the key concerns before engaging them."

"My environment has become so much more complicated over the last 10 years; my attack surface has become significantly broader. This is where all my attention is going," said Barnham.

"If there is a solution that enables me to connect to third parties yet gives me peace of mind about who I'm connecting to, by verifying that they are compliant to whatever standards we want to hold them to. This would help me to use my time far more efficiently," he summed up.

You can learn more about Cyber Sierra at www.cybersierra.co/about-us
