Our contemporary business environment and, by extension, entire society face several technological challenges. Since the COVID pandemic, the digital transformation has accelerated, which also raises new security concerns. After all, virtually every company and organisation uses a multitude of technology products or services from both large technology players such as Microsoft or SAP, and service providers for a particular sector.
Larger attack surface
This context obviously involves major implications for the cybersecurity of these organisations. “Companies spend a lot of time securing their own data, but then interact with others, distributing some of that data to service providers or third parties. By increasing the attack surface, this also increases the risk of cyberattacks,” states Debbie Janeczek. She is Chief Security Officer at Swift, an international banking cooperative providing services related to the execution of financial transactions and payments worldwide. “It is evident in actuality. For example, third-party breaches at large companies have continued to increase, and are commonly acknowledged to be a problem in the industry."
Coupled with the reality that cybercrime is now an industry in itself, driven by economic motives, it comes as no surprise that third-party risk management has become a constituent part of a cybersecurity strategy. “In practice, you will notice that this is a starting point when devising cybersecurity policies. Today, for instance, potential partners extensively question one another on cybersecurity, before engaging with each other. The questionnaires are increasingly robust.”
This increase in maturity can also be extended to the handling of vendors and to the internal operations of large companies, which are progressively operating to set standards when considering possible collaborations with third parties. “In summary, this evolution should mainly be understood as a shift from reactive to proactive policies in terms of dealing with third parties within cybersecurity. In fact, it has become a basic requirement for anyone who wants to do business. The financial sector, which historically has been at the forefront of technology, has played a leading role in this shift,” clarifies Janeczek, who immediately stresses that this approach can only exist in a world where there is a constant focus on knowledge sharing and collaboration.
Embracing new technologies
The trend is by no means new. “It is fundamentally different from AI, which has taken the world by storm in 2023, and currently occupies the entire cybersecurity sector. The latter, however, also offers clear opportunities around third-party risks. Thus, in the future, it cannot be ruled out that AI could be used structurally as a means of third-party management.”
For Debbie Janeczek, this structural embrace of new technologies is no less than a minimum requirement for the future. Only by doing so, will we be able to keep up with the increasingly complex security challenges: “The further developments around quantum computing are tantamount to the arrival of a totally new reality, once again requiring us to completely rethink security and cyber risks. Conversations on the subject are already in full swing and will only increase,” she concludes.