Leveraging the CAIQ to Prepare for the Next Supply Chain Attack

Presented by

Demi Ben-Ari, Co-Founder and CTO, and Dov Goldman, Director of Risk & Compliance, Panorays

About this talk

Not much time has passed since the last supply chain cyberattacks: SolarWinds, Accellion, Codecov, and now Kaseya. Do you think Kaseya will be the last one? We don’t. While you’re probably wondering what can be done to predict or prevent an incident like this in the future, we think the better question is: What can you do to prepare for the next one?

The CAIQ (Consensus Assessment Initiative Questionnaire) created by the CSA (Cloud Security Alliance) covers all of the possible security controls (CCM - Cloud Controls Matrix) that a company can have as a SaaS provider. By mapping all of the possible mitigation options, companies can reduce the risk of using these cloud and SaaS providers.

In this webinar, we’ll discuss the usage of the CAIQ to be able to better prepare your organization for the next supply chain attack that happens—and it will. We’ll also provide some actionable steps you can take to respond to it when it happens and to mitigate compromising your data and your customers' data.

Participants will learn:

1. What actually happened in the recent Kaseya breach and how it compares to SolarWinds and the rest of the latest supply chain breaches
2. How to map your supply chain and know who your third parties are, as well as understand their possible impact
3. How to monitor the digital supply chain and your third parties’ cyber posture
4. How to conduct proper security risk management and remediation
5. How the CAIQ fits in this whole picture and how you can leverage it to be better prepared

We’ll share our experience and expertise as security practitioners who have implemented our own mitigation strategies and helped our clients understand the impact of third-party security incidents.

Panorays is dedicated to eliminating third-party cyber risk so that companies worldwide can quickly and securely do business together. We automate, accelerate and scale the third-party security evaluation and management process so you can quickly and easily manage, mitigate and remediate risk, reduce breaches, ensure vendor compliance and improve your security across the board. Join us as we explore the risk inherent to your digital supply chain and discuss the transformation needed for modern day third-party security risk management—from automating security questionnaires, assessing third parties’ external attack surfaces, considering the criticality of the business relationship and more.