Companies are being driven to adopt technology at an unprecedented pace. In recent years, both remote working and the transition towards Industry 4.0 have accelerated the introduction of new technologies and digital tools. While such technology has been of great assistance, it has also brought about an increase in malicious cyber activity.
“Cyber threats introduce risk to business operations and to systems,” says Egide Nzabonimana, president of the Belgium chapter of ISACA, an international non-profit organisation for IT professionals. “Not only are the systems used by the company itself at risk, but so are those outsourced to their third-party suppliers. This is particularly concerning for organisations whose operations rely heavily on third-party support and capabilities.”
The back-end has become a complex web
The result is that the back-end of a company’s digital systems has become a complex web involving many different players. Their software and systems must be compatible with each other in order to function correctly. But in the light of continuous cyber attacks, this web must fit together as tightly as possible, with no security gaps. “You can compare the situation to a newly formed family. Third-party risk management is the new form of marriage that enables our current way of operating a business,” according to Nzabonimana.
Companies must thus not only assess their own security environments, but also understand the security environments of their third-party suppliers. “You need to treat the third-party supplier’s environment as an extension of your own IT systems. Third parties must demonstrate that their state of governance and their cybersecurity are in harmony with those of the organisations they work for, supporting systems without introducing weaknesses that can be exploited by cyber criminals. These are two major challenges for any enterprise infrastructure and accompanying third-party supplier, as the objectives of each may not align as smoothly as one would expect.”
Keeping up with technological changes
For successful third-party risk management, there is first a need for digital trust. “In practice, that level of trust can only be achieved when there is a common language. And this is ISACA's aim. By offering training, audits and certificates to IT trust professionals, we enable dialogue,” Egide Nzabonimana explains. “Our certificates are a globally recognised quality label that is also linked to an ethical code of conduct. They demonstrate that someone is able to contribute to a specific theme within cybersecurity. Moreover – and this is essential – you can only renew the certificates if you can demonstrate that you are keeping up with technological changes.”
One of the most important technological breakthroughs of 2023 was generative AI, which can also become a game changer for cybersecurity. “If we want to keep up, it is crucial that we learn to have the right focus. That is why we must continue to build a framework that can deal with these impactful trends. We further contribute to this through the ISACA certificate we have now introduced for new technology.”
Collaboration and knowledge-sharing among cyber professionals therefore remain very important. “Thanks to organisations such as the Cyber Security Coalition, a well-developed ecosystem has emerged in Belgium, with the same mission as ISACA. This ensures that we do not have to keep reinventing the wheel. Especially considering the ongoing labour shortage in our sector, we must continue to look for ways to allow business-minded people to collaborate optimally with IT professionals,” the president of the Belgium chapter of ISACA concludes.