
Optimized Third-Party Cyber Risk Management Programs

Manage risk, not spreadsheets. Identify and remediate cybersecurity risks inherent in third-party relationships, helping achieve compliance with regulations such as NYDFS, FARS, GDPR, etc.

Manage Third-party Cyber Risk With Confidence, Context and Action

Third parties are essential to modern business, but they also expand your cyber risk surface. Vendors, suppliers, cloud providers, managed service providers, professional services firms and other business partners may access sensitive data, connect to critical systems or support essential operations. When one of those third parties experiences a cyber incident, your organization may still face the operational, regulatory, financial and reputational consequences.

Kroll helps organizations identify, assess, monitor and reduce third-party cyber risk through a flexible combination of advisory expertise, managed services, cyber assessment capabilities, risk monitoring and technology-enabled workflows.

Built on our deep experience in cyber risk, incident response, threat intelligence, compliance and resilience, our third-party risk management (TPRM) approach helps organizations move beyond point-in-time questionnaires and spreadsheet-driven tracking toward a more defensible, intelligence-led third-party cyber risk management program.


Platform Overview

CyberClarity360 is a field-proven solution, trusted by some of the world’s largest organizations (including firms in the Fortune 50 and FTSE 100) to deliver key advantages for managing third-party cyber risk:

  • Increase Velocity and Reach: Automate assessment collection, reaching more vendors in less time
  • Validate Responses: Smart algorithms surface incomplete and inconsistent answers
  • Identify Compliance and Control Gaps: Map assessment results against security and regulatory frameworks, e.g. NIST CSF and CIS, to identify control gaps
  • Generate and Track Remediation: Tailored remediation advice and remediation validation capability
  • Real-Time Risk Monitoring: Live dashboards and reporting capabilities, risk disposition and acceptance tracking

CyberDetectER® DarkWeb

By using CyberDetectER DarkWeb to monitor third-party data on the dark web, you can identify exposures that stem from third parties, including professional services providers, vendors and suppliers.

For example, CyberDetectER DarkWeb discovered that several highly sensitive and privileged documents belonging to one of our clients, a Fortune 100 global financial services company, were being disclosed to public peer-to-peer (P2P) file-sharing networks. Kroll found the source to be a paralegal for one of the client’s outside law firms who was inadvertently disclosing this content while accessing free media on P2P networks. Had these files remained in the public domain, they could have lost their privileged classification and been open for discovery by opposing counsel, exposing much of the company’s legal strategy.

Strategic Program Advice

Kroll provides advisory services to assist CISOs and organizations with their cybersecurity strategy and program building. Kroll assists with leading setup and monitoring of your TPCRM program, risk committee meetings, providing security assessment remediation guidance, evaluating on-premise and cloud-based security solutions, data mapping, incident response planning, training and other third-party risk services.


Cybersecurity Program Assessment

Detailed assessment of the maturity level of the third party’s security program with an emphasis on the organization’s ability to defend against and respond to cybersecurity threats affecting its information assets and mitigate the risk of suffering a security breach. Kroll utilizes standard security frameworks such as NIST, CIS Controls™, ISO, etc. and focuses on regulatory requirements such as HIPAA, SEC, NY-DFS, GDPR, etc.

Penetration Testing

The goal of a penetration test is to attempt to gain access to corporate assets from the Internet, simulating a real-world attack. Internet reconnaissance is completed to identify publicly accessible information that may aid in the attack. Targeted phishing exercises are included as part of the testing.

Vulnerability Testing

The goal of a vulnerability test is to determine if security vulnerabilities exist which may be exploitable by attackers. Kroll utilizes advanced vulnerability assessment tools to identify potential security vulnerabilities within the corporate environment.


Global Risk Management Expertise

Our end-to-end TPCRM solutions are powered by Kroll’s unrivaled expertise in cyber risk management and the frontline insights acquired by handling more than 1,000 cyber incidents per year. Enterprises benefit from our cyber and compliance expertise in regulations such as current European data protection laws, US HIPAA, PCI DSS, CASL and Hong Kong's DPO Principle 4, among others. Many of our risk professionals bring years of unique experience in a variety of industries as well as from their former service with law enforcement and regulatory agencies:

  • Federal Bureau of Investigation (FBI)
  • U.S. Department of Justice (DOJ)
  • Interpol
  • UK Intelligence and Policing
  • Europol
  • Hong Kong Police Force
  • Securities and Exchange Commission (SEC)
  • U.S. Department of Homeland Security (DHS)
  • U.S. Secret Service (USSS)
  • U.S. Attorney's Office
