Forrester Predictions: Rethinking Supply Chain Management
Analysts Sandy Carielli and Jeff Pollard on Challenges in the New Year
Forrester principal analysts Sandy Carielli and Jeff Pollard discuss their latest research, Predictions 2022: Cybersecurity, Risk and Privacy, which highlights the need to address gaps in third-party relationships, collaboration and trust.
Carielli says: "When we looked at the data for this past year, the most common causes of breaches were either software vulnerabilities in third-party components, or third-party commercial components that you're embedding in your software, or other types of breaches in the supply chain."
Pollard advises security leaders to see this as an opportunity to improve and streamline their third-party risk management practices. "Maybe it is going in and helping some of their third-party suppliers with those security controls. It's certainly things like limiting access, limiting connectivity, and locking things down as much as possible," he says.
In a video interview with Information Security Media Group, Carielli and Pollard discuss:
- Top predictions in the Forrester report;
- The changing nature of the cyber insurance landscape;
- How security leaders can build trust with their colleagues, partners and suppliers.
Carielli is a principal analyst at Forrester, advising security and risk professionals on application security with an emphasis on the collaboration among security and risk, application development, operations, and business teams. Her research covers topics such as proactive security design, security testing in the software delivery life cycle, protection of applications in production environments, and remediation of hardware and software flaws.
Pollard primarily contributes to Forrester's offerings for security and risk professionals. He leads Forrester’s research on the role of the CISO, specializing in topics related to security strategy, budgets, metrics, business cases and presenting to the board. His research also includes security services, featuring global coverage of managed security services, professional security services and security-as-a-service. He also takes an active role in Forrester’s forward-looking research on security innovation, the security market and security predictions.