Jun 28, 2021
Hello and welcome to the new episode of the Risk Management Show
brought to you by Global Risk Community.
This is your host Boris Agranovich and our guest today is Alex
Tarter, CTO at Thales UK Cyber & Consulting
and director of TurgenSec, an innovative London-based infosec
In this episode we discussed the following topics.
What is the state of attack surface management and threat
With the constant drive to innovate, digitally transform and
move to the cloud, many large businesses generate a large number of
orphaned assets, shadow IT or misconfigured cloud instances.
As a result of that, many companies end up with a core set of
IT infrastructure that IT teams are aware of and managing and a
whole bunch of others that they’re unaware of.
This is what often leads to large data breaches and
compromises: IT teams are so focused on the vulnerability management
problem in known assets that they are ignorant of those critical assets
potentially causing a huge issue.
But as bad as it might be in a large company the same is true
for their supply chain.
Very often the supply chain partners holding critical customer
and company data are not great at looking after their own
They might have security and audit requirements in their
procurement contracts, but the reality is they’re hardly ever
exercised, and mostly the language is only applied once a data breach
happens and a company wishes to claim compensation.
It would be much better if we could monitor their attack
surface and, if there are issues, point them out. After all, it’s not
always the issues themselves that are important, but seeing how
the supply chain partner reacts.
If they’re mature and can respond then they’re probably taking
good care of your data. If they can’t respond effectively then it’s
likely they’re a bigger risk.
For CISOs it’s the fact that they’re typically operating on
incomplete knowledge. If they knew about issues they could respond
and allocate resources effectively.