Recently, Kelly White, founder of RiskRecon, a Mastercard Company, sat down with Sam Olyaei, Director at Gartner Research, and Errol Weiss, Chief Security Officer at Health-ISAC, to discuss their clients’ experiences regarding recent trends in third-party risk management. During their discussion, they spoke about the wider impact of cybercrime and ransomware threats.
Kelly White: Do you expect that we're going to continue to see an increase in cybercrime and ransomware activity or will these trends flatline at some point?
Sam Olyaei: I wouldn't necessarily expect to see an increase in the volume of cyberattacks, but I would expect to see an increase in the specificity and the target of these attacks. Historically, you have essentially two groups of crime actors: you have the crime actors that try to do this for financial benefit, and you have the crime actors that do this for political benefit. The crime actors that do this for financial benefit have a strategy of throwing spaghetti on the wall and seeing what sticks, and the groups that do this for political benefit tend to have a more targeted strategy that's focused on chaos and disruption and things of that nature.
The vast majority of attacks are not necessarily going to change in terms of the threat vectors that are commonly used, your phishing, your social engineering, and those types of things. But when you start to get into the political nuances and the capabilities and resources of those entities, you are likely to see zero-day vulnerabilities taking advantage of specific targets.
Errol Weiss: I would agree with a lot of that. I think that the bad guys on the cybercriminal side are always going to leverage current events in phishing themes that they will utilize. To Sam's point, I expect we'll see millions of email messages being sent out with the hopes that somebody's going to click on one of those. Especially with all that charity and relief organizations are doing right now. Again, it's another dynamic that we see, where the bad guys will invent their own charity to look like something legitimate, and just in the hopes that people will donate to them and inadvertently aren't set up. So, I think we'll start to see that, but to me it's unfortunate. The threat landscape never seems to get better, it just keeps getting worse as our criminals and state-sponsored cyber actors keep getting more creative and imaginative as every day passes.
We summarized the key insights from their conversation in a new paper, “Trends in Third-Party Risk Management.”