Corporate Compliance Insights

Cyber Threats Are Evolving. Is Your Risk Management Strategy?

Uniting departments to tackle cross-domain cyber risk

by Dean Alms
October 28, 2024
in Cybersecurity, Risk

As cyber threats evolve beyond traditional IT boundaries, businesses face new challenges in protecting their digital assets and supply chains. Aravo’s Dean Alms explores how companies can adapt their cybersecurity strategies to address emerging risks and build resilience across their extended enterprise.

Mitigating cybersecurity risk isn’t purely an IT management challenge anymore. Information security must now be a collective responsibility shared with other departments, including legal and compliance but also procurement and supply chain. That’s because the nature of cyber threats is evolving well beyond the cyber realm.

One study found that more than half (56%) of cybersecurity incidents are partially or entirely the result of supply chain attacks, which have surged in recent years, and are projected to cost the global economy almost $81 billion annually by 2026.

Digital attacks like AT&T’s third-party data breach may be top-of-mind when business leaders think of cyber threats right now. But physical supply chain attacks and geopolitical tensions are prompting state-backed hackers to target trade flows, putting shipowners, ports and other maritime groups on cyber criminals’ hit lists. A decade ago, physical cyber threats were rare — only three were reported in 2014. But last year, there were at least 64 — many linked to Russia, China, North Korea or Iran, and those are just the ones we know of.

As cyber threats evolve — and risk domains like cybersecurity and geopolitics, among others, continue to overlap — so, too, must risk management strategies.

The new mindset to managing cybersecurity risk

A proactive security posture begins with improving your threat visibility and awareness. Third-party risks don’t happen in a vacuum. Cyber is just one of many priority risk domains your company should be watching. Business leaders need a more holistic approach and mindset to managing cybersecurity risk to navigate today’s evolving threat landscape.

Getting real about where the threats really lie

Since a majority of cybersecurity attacks emanate from a company’s supply chain, it’s only prudent that risk managers conduct a thorough investigation of each and every supplier, vendor and other supply-chain partner that may enter its extended enterprise, either digitally or physically. Due diligence checks include confirming a company’s cyber/information security protocols and standards, whether it has been involved in recent data breaches or other security incidents, and whether it is financially and operationally sound.

Collapsing data silos

Now more than ever, information sharing across departments is critical to improving cybersecurity awareness and threat response. By centralizing data across risk domains and the teams that traditionally monitor them, organizations can better identify and manage cross-domain risks before they become disruptive and prevent threats from slipping through the cracks.

Diversifying your network

Remember CrowdStrike? Consider the risk of relying heavily on a single vendor for critical operations. Diversifying helps minimize disruptions during unexpected breaches, attacks or even outages like the one that halted so many industries from travel to healthcare this summer.

Not ignoring risk scoring, but not solely relying on it either

Risk ratings are just one tool in the risk manager’s toolkit. They provide an instant score of a third party’s security posture, such as when they fail to meet due diligence requirements for industry frameworks. However, they shouldn’t be the sole factor in evaluating suppliers. Risk ratings can augment third-party due diligence checks, but businesses should rely on multiple sources of risk intelligence. This includes tailored risk assessments or surveys, risk rating and scoring metrics and other third-party sources to enrich their understanding of their suppliers’ risk exposure, rate prospective vendors against benchmarks and determine if they are willing to accept companies at certain risk levels.

Continuous monitoring

Risk never sleeps. Continuous monitoring of risk domains, suppliers and third parties enables decision makers to get ahead of risk events and implement contingency planning. You won’t be able to prevent every threat from emerging or risk event from occurring, but you can receive early warning and improve your security posture from reactive to proactive.

Managing vendors throughout the relationship

Effective vendor management requires careful attention to access controls at all stages of the arrangement. During onboarding, organizations should implement a secure process for exchanging necessary information and granting appropriate system access. Equally important is the offboarding process when a vendor relationship concludes. Organizations must ensure that all sensitive data is accounted for, access permissions are promptly revoked, and any residual financial or informational risks are mitigated.

It’s time to adapt the cybersecurity risk management playbook to tackle today’s evolving threat landscape. Millions of dollars, private data and public trust are at stake. Operational resilience hinges on a company’s ability to enhance the breadth and credibility of its risk intelligence, improve data sharing and threat visibility across departments, diversify its vendor network and continuously monitor its extended enterprise for new and evolving threats.


Tags: Cyber Risk
Dean Alms is the chief product officer for Aravo overseeing product strategy, management, marketing and product design. He recently joined Aravo to build an organization that would expand the product portfolio and market reach of industry-leading apps in third-party risk management.
