CIOReview | JULY 2023

IN MY OPINION

RISING ACCESS OF AI POWERED TECHNOLOGY ENABLES DEVELOPMENT OF MALWARE

By Sanja Cancar-Todorovic, Head of Enterprise Procurement, Outsourcing & Third-Party Risk Management, Home Capital Group Inc.

The World Economic Forum's Global Cybersecurity Outlook report indicates that cyberattacks increased 125 percent globally in 2021, with an expected continued uptick. And while cybersecurity-related issues are not new, what has changed in recent years is a massive move to the Cloud, IoT, e-commerce, remote access and overall digital transformation.

The digital transformation that most organizations have undergone since early 2020 was driven primarily not by the CIO but by COVID-19. The pandemic accelerated the fourth industrial revolution that most organizations were tip-toeing around before the pandemic pushed them into it. But with massive changes, we are also exposed to massive risks that, if not mitigated, could have catastrophic consequences. Every day we are witnessing more and more cyberattacks, data breaches and privacy concerns. Rising access to AI-powered technology that enables the development of malware, scripting and other tools provides hackers with the ability to manufacture near-perfect ways to execute their plans with very little effort. The ultimate goal: highly lucrative ransom. With our reliance on technology, ransomware has grown into a multi-billion-dollar global criminal industry, with no indications of slowing down.

How do we mitigate this risk? Start by performing a detailed risk assessment to discover any systems or data that are vulnerable to a cyberattack and then work with experts to determine how to protect them. This will require investing in people, processes, and technologies, with cyber awareness training being at the forefront of the entire endeavour. However, it is not enough just to have strong controls in place within your own organization. You must take it one step further.
Things like vendor concentration, fourth-party risk management, information security, business continuity, vendor reputational risk, and vendor financial health are all now part of the elevated Third-Party Risk Management (TPRM) process that starts right at the vendor evaluation and onboarding stage. It is managed through a structured, well-defined Vendor Governance Process and Continuous Risk Monitoring. Arguably, out of all of the TPRM components, Information Security requires the most attention, as it is the biggest threat to any organization. Your organization's Information Security is only as good as your weakest IT vendor. Fortunately, there are many InfoSec tools available to continually monitor vendor risk profiles based on data breaches and/or cyberattacks. However, by the time you are notified of them, it might already be too late. The best defense remains a comprehensive vendor due diligence process, including reviews of the independent InfoSec Audits and vendor SOC reports, by the organization's IT subject matter experts. This should never be a one-time event at the onboarding stage, but rather an annual process performed by your organization for every critical vendor that has any ability to impact your IT infrastructure.