Tuesday, January 25 2022

SYDNEY – (COMMERCIAL THREAD) – Trustwave, a leading provider of managed security services focused on managed detection and response, has launched an industry-leading cyber supply chain risk assessment solution for enterprises and SMBs in the Pacific region. The service, called Managed Vendor Risk Assessment (MVRA), gives organizations access to in-depth, fully scalable assessments of cybersecurity vendors that were previously prohibitively expensive.

Demand for this solution has been driven by organizations increasingly relying on external vendors for the provision of data processing and storage services, as well as a range of other cloud-based or cloud-sensitive services. security. Increased outsourcing and deeper integration with suppliers means increased exposure to supply chain risks.

In addition, recent supply chain breaches widely discussed in the media, including the SolarWinds Orion breach, have raised awareness of the need to move away from ad hoc supplier assessments or those based solely on judgment. technology that frequently misses vulnerabilities or leads to poor business outcomes for both parties.

“Part of the reason we built MVRA is our concern for the cyber resiliency of the corporate space. We encounter shortcomings in organizations where suppliers are not evaluated due to perceived cost. MVRA gives organizations the ability to assess a large number of vendors with measurement consistency previously not possible while leveraging the expertise of true security consultants. For these organizations and the wider community, scalability brings security, ”said Nick Ellsmore, Global Head of Strategy, Advisory and Professional Services at Trustwave.

Ellsmore said MVRA is a solution informed by decades of real-world consulting experience on the front lines of cybersecurity, married to the best risk assessment technology.

This technology was developed by Findings, whose platform is a comprehensive VRM automation solution of choice for businesses and vendors of all sizes. By automating the labor-intensive process of supplier assessments, Findings enables more comprehensive coverage of the organization’s supply chain, and therefore increased security and reduced supply chain risk.

“While conventional methods apply a Pareto threshold to invest their manual resources in some of their vendors, current attacks have shown the vulnerabilities of this approach and the need for broader coverage,” says Kobi Freedman, co-founder and CEO of Findings. “Safety frictions are becoming a global challenge in supply chains, whether it is regulatory or objective risk. ”

Ellsmore added, “MVRA uses Findings technology to accelerate and harmonize critical audit elements. On top of that, there is a layer of human cybersecurity experience and strategic thinking specifically applied to deliver the best results. ”

“You need people to assess people. Purely technological solutions to supplier supply chain risk are sometimes adequate, but often insufficient, as they tend to minimize real risks while amplifying smaller risks. They do not apply a business thinking lens.

Ellsmore also said part of the challenge is what he calls “Go / No Go” decisions regarding third-party vendors. These decisions are made without sufficient information and consistency. For example, a fully automated supply chain assessment can lead a company to exclude a supplier too quickly without considering the business implications.

“What we’re seeing are unintended consequences for cybersecurity,” Ellsmore said. “A marketing department, for example, drains away a very effective customer engagement technology based on a cursory assessment of supplier risk, only to find that three months later, everyone on the team is surreptitiously using a handful of different and unapproved solutions to fill this gap. ”

Based on 25 years of experience in cybersecurity services and thousands of risk assessments, the service includes both automated and specialist-led assessment, based on a software-as-a-service (SaaS) platform. ) easy to use by organizations of all sizes. .

The MVRA service provides:

  • Streamlined process to onboard vendors and collect critical data including penetration test reports, audit reports, and technical and organizational data;

  • Comprehensive security maturity questionnaire based on NIST’s cybersecurity framework that is both reasonable and realistic for vendors to complete;

  • A more in-depth review of each supplier’s responses and data by a qualified Trustwave specialist who understands the indications and possible implications of supplier risk. Each response and security element is reviewed by our experts to ensure completeness and accuracy;

  • For each supplier assessed, a report is submitted within eight days. The report identifies vendor maturity and risk rating on a consistent scale, helping clients understand the potential risk exposure with respect to the nature of their business – system type, sensitivity, and data volume. , and the nature of the link in the supply chain;

  • Assessment reports also provide an impact analysis with recommendations to address gaps and issues for each vendor.

For more information on Trustwave’s Managed Vendor Risk Assessment (MVRA), please contact [email protected]. You can also consult our overview of the offer here.

About Trustwave

Trustwave is a leading provider of cybersecurity and managed security services focused on threat detection and response. Offering a comprehensive portfolio of managed security services, consulting and professional services, and data protection technologies, Trustwave helps businesses safely embrace digital transformation. Trustwave is a Singtel company and the global security arm of Singtel, Optus and NCS, with customers in 96 countries. For more information on Trustwave, visit https://www.trustwave.com.

Previous

Italy pledges to protect Monte Paschi jobs in UniCredit deal

Next

This bullish Bitcoin options strategy targets $50K without risk of liquidation By Cointelegraph

Check Also