Insider Threats & Third Party Risk: How to Manage Security Threats

Razorwire Cyber Security

30-10-2024 • 44 mins

Every vendor you trust and every employee you hire could be your next security crisis—explore the realities of third party risk and insider threats on this episode of Razorwire!

Join us for a discussion on the multifaceted challenges of third party risk and how they can destabilise your organisation. From the growing complexities of cloud providers like AWS and Azure to detecting and dealing with insider threats, our conversation covers it all.

My esteemed guests, Razorwire favourites Iain Pye and Chris Dawson, share their perspectives on the right to audit third parties and how shifts in business models and changing workplace culture impact our security postures.

We also break down a case study involving indemnity and insurance settlements following a breach incident, providing you with practical takeaways for enhancing your own security protocols.

Key takeaways:

Strengthen Your Third Party Risk Management

  • Implement contractual audit rights early in vendor relationships
  • Develop resilience plans for vendor service failures
  • Understand the risks of supply chain dependencies (third parties of third parties)
  • Plan for scenarios where key service providers might fail or be compromised

Understand and Mitigate Insider Threats

  • Identify different types of insider threats (accidental, disgruntled employees, corporate espionage)
  • Monitor for behavioural changes and suspicious activity patterns
  • Implement ongoing background checks and security clearance reviews
  • Balance monitoring with employee privacy and company culture considerations

Address Modern Security Challenges

  • Evaluate the cost-benefit trade-offs between in-house and outsourced services
  • Implement monitoring solutions that correlate data from multiple sources
  • Develop security strategies that account for both human and technical factors
  • Create comprehensive risk assessments that include both internal and external threats

Join us on Razorwire as we untangle the complexities of third party risk and insider threats, providing you with actionable insights to fortify your organisation's cyber defences.

On the inevitability and scale of third-party breaches:

"It's inevitable. You're gonna have a third party breach. There's about, what, 10 a day... You could do all the due diligence in the world and all the security checks about this. You could have a very robust vendor risk management, whatever you wanna call it. At the end of the day, it's gonna take one little, maybe insider threat on the third party side, and that will cause a breach."

Iain Pye

Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen


In this episode, we discuss:

Implementing Third Party Audit Rights: Secure your organisation by establishing robust audit rights in vendor contracts before engagement begins.

Evaluating Cloud Provider Stability: Assess and mitigate risks when selecting cloud providers by verifying their financial stability and data migration capabilities.

Preventing Insider Security Breaches: Distinguish and protect against both intentional and accidental internal security threats through targeted controls.

Building a Strong Security Culture: Foster an environment where employees actively report and respond to security warnings rather than normalising them.

Managing Employee-Related Risks: Develop strategies to...

You Might Like

Darknet Diaries
Darknet Diaries
Jack Rhysider
BBC Inside Science
BBC Inside Science
BBC Radio 4
Tech and Science Daily | The Standard
Tech and Science Daily | The Standard
The Evening Standard
TED Radio Hour
TED Radio Hour
NPR
Elon Musk Podcast
Elon Musk Podcast
Stage Zero
This Week in Tech (Audio)
This Week in Tech (Audio)
TWiT
Double Tap
Double Tap
Double Tap Productions Inc.
The PC Pro Podcast
The PC Pro Podcast
PC Pro
Lofi ~ Sleep/Chill
Lofi ~ Sleep/Chill
Lofi King
Acquired
Acquired
Ben Gilbert and David Rosenthal
Security Now (Audio)
Security Now (Audio)
TWiT
The Vergecast
The Vergecast
The Verge
AI Chat: ChatGPT & AI News, Artificial Intelligence, OpenAI, Machine Learning
AI Chat: ChatGPT & AI News, Artificial Intelligence, OpenAI, Machine Learning
Jaeden Schafer
TechStuff
TechStuff
iHeartPodcasts
Talkin' Shop
Talkin' Shop
Eclipse Automotive Technology
Hard Fork
Hard Fork
The New York Times
All-In with Chamath, Jason, Sacks & Friedberg
All-In with Chamath, Jason, Sacks & Friedberg
All-In Podcast, LLC
Waveform: The MKBHD Podcast
Waveform: The MKBHD Podcast
Vox Media Podcast Network
This Week in Retro
This Week in Retro
Neil from RMCretro - The Cave, Chris from 005 AGIMA and Dave
RNIB Tech Talk
RNIB Tech Talk
RNIB Connect Radio