One way to deal with third-party risk is to push your security knowledge and directives down to those operating in your supply chain. If your suppliers are not as security savvy as you are, they’re not going to have as robust a security program as you do. So if you want your overall security to improve, you’re going to need to take the initiative and provide the security guidance.
This is what Martin Bally, VP and CISO, Campbells, said in our conversation at Black Hat 2022. Bally said they’re providing their suppliers with education and also directives, like deploying MFA, to address concerns around third-party security.
Bally came from the automotive industry, and in Europe they have a regulation called TISAX, which requires participants to achieve certain levels of security to participate in the industry. It’s another level of regulation that Bally would like to see here in the US, as it would benefit everyone by making clear what it takes to be a valuable vendor in the community.