Organizations in virtually every industry are embracing digital transformation, which is changing how we think about risk management in every facet of operations, product development, customer experience, sales, marketing, and business planning.
Risk Management, broadly and specifically, has been dramatically impacted, especially when it comes to the rise in vendor ecosystem architectures, where systems are speaking with other systems using connectors and APIs, and where data sets are often shared, in even the most regulated industries.
The larger and more complex the enterprise, the greater the need to modernize governance, risk, and compliance, and leaders in corporate risk management are beginning to understand that robust, active, and comprehensive risk management isn’t just a defensive strategy – it is a necessary ingredient in supporting innovation required to remain competitive and grow.
In the industrial and manufacturing sectors, which have been behind the digital transformation curve for decades, a solid Third-Party Risk Management (TPRM) platform can be critical to enabling enterprises to have complete visibility into supply chain-related risks and to embrace connected factories, autonomous systems, data sharing, and more given the dependence on external parties.
Third-party risk management is conducted primarily for the purpose of assessing the ongoing behavior, performance, and risk that each third-party relationship represents to a company. With 60 percent of data breaches originating from an organization’s supply chain, organizations in every industry sector need to effectively manage this growing risk as digital transformation is reshaping the way that these organizations work with vendors. Increased reliance on, and ease of access to, the cloud and the explosion of endpoints exposed to the internet have increased the threat of third-party breaches exponentially.
Consider the number of suppliers and vendors that, when connected to the enterprise systems of industrial companies, are required to comply with the organization’s privacy and security standards, corporate and social responsibility standards, anti-bribery/anti-corruption (ABAC) standards, and other company-specific standards.
The importance of third-party management was elevated in 2013 when the US Office of the Comptroller of the Currency stipulated that all regulated banks must manage the risk of all their third parties. The importance of this topic has cascaded down through every industry as ransomware attacks have continued to grow and threat vectors have continued to increase in number and variety. Healthcare companies, in particular, have faced the largest increase in attacks targeting both patient health information and operating systems.
Risk management has never been more of a team sport than it is today. Traditionally, IT teams worry about risks and compliance around data, cybersecurity, and technology, while OT teams are focused on ensuring resiliency and availability of production facilities, where downtime can cost millions of dollars and potentially cause catastrophic harm to manufacturers.
As a result, risk management has ascended to the board level, especially in highly sensitive industries, with strict compliance requirements for safety, privacy, and more.
“As more and more factories adopt Industry 4.0, all will need to implement a risk-based security mindset throughout the manufacturing facility,” ProcessBolt, a fast-growing startup based in Minnetonka, Minnesota, wrote recently. “Part of this mindset needs to include a thorough third-party vendor risk management program that includes continuous, real-time attack surface management.”
ProcessBolt is a Techstars company; Techstars is a global investment business that provides access to capital, one-on-one mentorship, a worldwide network, and customized programming for early-stage entrepreneurs. Founded in 2006 in Boulder, Colorado, Techstars chooses over 500 early-stage companies to join one of its 3-month, mentorship-driven accelerators, investing $120K and providing hands-on mentorship and access to the Techstars network for life.
ProcessBolt offers an AI-driven vendor risk management platform to help organizations effectively and efficiently manage vendor risk.
The Series A startup has developed a fully integrated AI-driven platform that extracts intelligence directly from vendor policy documents to populate security assessments and correlates that data with the vendor’s attack surface intelligence, simplifying a very manual and time-consuming process. This enables organizations to focus their efforts on mitigating risks and remediating issues with vendors instead of chasing down vendors to complete assessments and reviewing hundreds of vendor documents.
The platform is used by both large customers, such as Boston Scientific, Capri Holdings (the parent of Versace and Michael Kors), Medtronic, Veritas, Scholastic, and several hospitals and law firms, as well as SMBs.
Instead of sending out long and detailed risk assessments to begin the process, vendors put all the requested policy documents and audits into the ProcessBolt platform. ProcessBolt AI then reviews all documentation using deep natural language processing (“DNLP”) and answers assessment questions, adding citations from the documentation to each question so that the vendor and enterprise can verify assessment responses. At the same time, ProcessBolt’s ThreatScape module is looking at all internet-facing attack surfaces of the vendor and correlating this data to the assessment responses, verifying that the assessment responses are consistent with attack surface data.
This innovative approach to vendor risk management reduces risk by verifying assessment responses via audits, policy documents, and attack surface data. This addresses the issue of unknown risks arising from inaccurate assessment responses as it is impossible to remediate a risk that you do not know exists. On top of this, ProcessBolt AI takes an enormous amount of friction out of the vendor risk assessment process, eliminating the document review process for enterprises and reducing fatigue for vendors.
With ProcessBolt AI, organizations can focus their time on remediating and addressing vendor risk instead of worrying about gathering and verifying the accuracy of security risk assessments. The platform has over 10,000 registered users in 40 countries, supports all major languages, and is adaptable to any regulatory framework.
Manufacturing was the most targeted sector for ransomware attacks in 2022, according to IBM Security’s 2023 X-Force Threat Intelligence Index. It was the second consecutive year the manufacturing sector held the top spot in the index. The report also surmised that manufacturing organizations are an attractive target for ransomware and extortion because of their extremely low tolerance for downtime.
While Industry 4.0 is expected to revolutionize the manufacturing industry, there is tremendous cause for concern over the introduced risk. Robotics will replace people. The interconnected network of devices and sensors that make up IoT will handle an enormous amount of data, creating a flow of vital information throughout the manufacturing process. And cyber attackers will take notice of the expanded attack surface.
According to the Boston Consulting Group, which conducted a study of more than 600 managers in the US and Germany on the adoption of Industry 4.0, 41 percent of German manufacturing companies noted data security as a top concern, compared to only 32 percent of US companies. Respondents in both countries cited the costly investments needed to adopt Industry 4.0.