Optimised Third-Party Cyber Risk Management Programmes

Identify and remediate cybersecurity risks inherent in third-party relationships, helping achieve compliance with both global and APAC regional regulations such as PDPA, MAS TRM, PDPO, RMIT, GDPR, and more.

Third-party relationships can add significant value to a business, but they can also come with their own set of risks. When an incident impacts a company’s clients, it doesn’t matter if it was caused by a third party – customers will hold an organisation responsible for the harm. When a company’s reputation and financial stability are on the line, they need to have a handle on managing third-party cybersecurity risks. They need an understanding of the cybersecurity and resilience of their third parties. Most importantly, they need to know whether a third-party partner is providing adequate security and protection for their sensitive data.  

Kroll's Third-Party Cyber Risk Management (TPCRM) services can provide a comprehensive view of risks that supports robust cybersecurity strategies and regulatory compliance. Our team has unique insight that can only be obtained from in-house experience managing third-party risk and responding to over 3,000 different cyber incidents a year using cutting-edge technology.

All TPCRM solutions offered by Kroll are designed to be transparent and produce actionable solutions. Our practical approach ensures clients have the strategic foundation they need to strengthen relationships and improve confidence in partnerships with vendors and other third parties. 

Third-Party Cyber Risk Management: Objective and Expert Guidance

We’ve designed our vendor risk management services to deliver an in-depth evaluation of the security risks posed by third-party organisations. Our core services are listed below.

CyberClarity360™ Third-Party Cyber Risk Management Platform

CyberClarity360™ is a highly advanced technology solution that helps organisations assess and monitor the security and resilience of their third-party partners. The CyberClarity360™ platform quantifies cyber risks through a transparent scoring and analysis system designed to deliver unique insights and identify areas of risk that might otherwise be overlooked – both at the control level and on a portfolio-wide basis – to help organisations make informed decisions.

Platform Overview

CyberClarity360 is a widely recognised solution trusted by some of the largest organisations in the world – including companies listed on the Fortune 50 and FTSE 100 – to effectively manage third-party cyber risks.

  • Increase Velocity and Reach

    Automated collection of assessments reaches more vendors in a shorter period of time

  • Validate Responses

    Smart algorithms highlight incomplete and inconsistent responses

  • Identify Compliance and Control Gaps

    Map assessment results against recognised security and regulatory frameworks, including NIST CSF and CIS, to identify control gaps

  • Generate and Track Remediation

    Receive tailored remediation advice and validation

  • Real-Time Risk Monitoring

    Live dashboards and reporting to track risk disposition and acceptance

CyberDetectER® DarkWeb

By using CyberDetectER® DarkWeb to track third-party data on the dark web, an organisation can potentially identify exposures stemming from vendors, suppliers, or other third-party partners.

For example, CyberDetectER DarkWeb detected the disclosure of some highly confidential and privileged documents belonging to a Kroll client, a Fortune 100 global financial services firm, on public peer-to-peer (P2P) file-sharing networks. Our team traced the source of the disclosure and determined that a paralegal at one of the client's outside law firms had unintentionally disclosed the information while accessing free media on P2P networks. Had these files remained accessible, they could have lost their privileged classification and become subject to discovery by opposing counsel, potentially exposing the client’s legal strategy.

Strategic Program Advice

Kroll offers advisory services in Singapore, Hong Kong, across Asia and worldwide to support CISOs and organisations in developing their cybersecurity strategies and programmes. We also assist with setting up and monitoring TPCRM programmes, providing security assessments and remediation guidance, assessing on-premises and cloud security solutions, mapping data, developing incident response plans, personnel training and other services related to third-party risks.

Cybersecurity Program Evaluation

We will perform a comprehensive assessment of a third party's security programme, focusing on its ability to defend against and respond to cyber threats and to mitigate the risk of suffering a security breach. Kroll uses industry-standard security frameworks – including NIST, CIS Controls™, ISO and others – and assesses compliance with relevant regulatory requirements, including Singapore’s Personal Data Protection Act (PDPA) and the Monetary Authority of Singapore’s Technology Risk Management Guidelines (MAS TRM); Hong Kong’s Personal Data Privacy Ordinance (PDPO); Bank Negara Malaysia’s Risk Management in Technology policy (RMIT); and the EU General Data Protection Regulation (GDPR), among others.

Penetration Testing

Our penetration tests are designed to simulate real-world attack scenarios to attempt unauthorised access to an organisation’s assets. We conduct internet reconnaissance to identify publicly accessible information that might aid an attack as part of the testing. Targeted phishing exercises are also included.  

Vulnerability Testing

Kroll’s vulnerability tests determine whether there are vulnerabilities in an organisation’s data security program that could be exploited by attackers. We use state-of-the-art vulnerability assessment tools to identify potential security weaknesses in the organisation’s environment.

Global Risk Management Expertise

The success of Kroll’s end-to-end TPCRM solutions is fuelled by our unrivalled expertise in cyber risk management and the frontline insights obtained by responding to more than 3,000 cyber incidents a year. Our clients also benefit from our vast experience ensuring compliance with a host of regulatory regimes, including European data protection laws, US HIPAA, PCI DSS, CASL, and Hong Kong's PDPO Data Protection Principle 4, among others. The professionals on Kroll’s Cyber Risk team have decades of experience handling data security in a wide range of industries and serving in a number of international law enforcement and regulatory agencies:

  • Hong Kong Police Force
  • Federal Bureau of Investigation (FBI)
  • U.S. Department of Justice (DOJ)
  • UK Intelligence and Policing
  • Europol
  • Interpol
  • Securities and Exchange Commission (SEC)
  • U.S. Department of Homeland Security (DHS)
  • U.S. Secret Service (USSS)
  • U.S. Attorney's Office

Defensible Cybersecurity Includes Knowing Your Third-party Cyber Risks

Protect your reputation and bottom line with Kroll’s third-party cyber risk management services. We can help you assess, identify and remediate with confidence. Speak with one of our experts today.
Cyber Risk and Incident Response Retainers

Kroll goes beyond the typical incident response retainer—we offer clients a true cyber risk retainer to provide elite digital forensics, incident response, and proactive security capabilities with maximum flexibility.

24x7 Incident Response

Activate experienced, local cyber incident response specialists to quickly investigate and eradicate any type of threat, incident, or data breach.

Cyber Litigation Support

Whether responding to a security incident, forensic discovery demand, or an investigation, Kroll’s experienced forensic experts provide unmatched litigation support to help clients win cases and mitigate their losses.
Computer & Digital Forensics

Kroll’s team of computer forensics experts can assist at any stage of an investigation or litigation to ensure no digital evidence is overlooked, regardless of the number or location of data sources.

Insider Threat Investigations

Confidentially investigate cases of employee and third-party misconduct, including malicious and negligent digital activities.

Data Recovery and Forensic Analysis

Kroll’s cyber risk experts can effectively determine whether data was compromised and to what extent. By gathering and uncovering actionable information, we leave our clients better prepared to manage future incidents.

Digital Forensics & Incident Response

Kroll’s elite security leaders deliver rapid responses for over 3,000 incidents per year, with the resources and expertise to support the entire incident lifecycle, including litigation demands.