Insights & Intelligence

A changing business environment has meant that many companies outsource services and have multiple supply chains, introducing new risks from the outside. The Chertoff Group’s Chris Duvall talks about ways to manage third-party risk, the questions companies should be asking, and the looming threat of software subversion. He advises organizations to have a robust third-party program as part of any holistic risk-management strategy.

A changing business environment has meant that many companies outsource services and have multiple supply chains, introducing new risks from the outside. The Chertoff Group’s Chris Duvall talks about ways to manage third-party risk, the questions companies should be asking, and the looming threat of software subversion. He advises organizations to have a robust third-party program as part of any holistic risk-management strategy.

Organizations are facing increased cybersecurity threats. How should companies assess these risks and put a plan in place to prevent them? The Chertoff Group’s Adam Isles and Kurt Alaybeyoglu discuss MITRE’s ATT&CK threat assessment model that helps companies create individual plans to better understand risks, threats and ways to guard against them.

There’s no such thing as risk elimination. But if businesses focus on the most likely threats, they can minimize the damage. The Chertoff Group’s Adam Isles and Scott Gibson talk about how organizations can manage security risks effectively, the importance of monitoring those risks, and the convergence of both physical and cybersecurity threats.

A brief note to our listeners:  Our “Global Threats” podcast was originally recorded on May 3, 2019.  Since that time, additional events have occurred involving the regions we discuss on the podcast.

Geopolitical realities can present risks for companies. The Chertoff Group’s Jonathan Paris, an expert in Middle East, US-China and transatlantic relations, provides regional insights and outlines the risks that Iran poses. What should global companies anticipate in the region?

How can technology play a role in modernizing the security clearance process? Allan Martin, co-founder and CEO of Lumina Analytics, speaks about how we move from an outmoded system that is manually based to one that is far more focused on technology. He discusses how the use of artificial intelligence could make the process more efficient and why continuous evaluation is needed in the security clearance process.

Private companies are collecting an enormous amount of data about us. What’s being collected, who is sharing it, and why? Privacy expert Justin Antonipillai, CEO of WireWheel, talks about the data that online retailers are collecting and buying about customers and how this information can be used. He discusses the steps that companies should take when it comes to privacy.

How can we protect the nation’s critical infrastructure from both physical and cyber attacks? Brian Harrell, the first Assistant Director for Infrastructure Security within the U.S. Cybersecurity and Infrastructure Security Agency (CISA), discusses how “soft” targets – from schools to stadiums and places of worship – can be protected. He talks about the convergence of physical and cyber security, the role of the government and private sector in protecting infrastructure, and how building resilience can help us avoid a single point of failure.

What is quantum computing and how might this disruptive technology change our lives? Paul Stimers, a partner at the law firm K&L Gates and founder of the Quantum Industry Coalition, talks about how the U.S. can encourage innovation in the field – or risk losing out to international competitors. He notes the importance that workforce development will play in the field. With the right investments, he believes the U.S. is capable of winning the quantum race.

Sometimes, the greatest risks to a company come from the inside. The Chertoff Group’s Lee Kair and Sean Horner discuss insider risk, why it happens and what can be done to identify and mitigate those risks. They stress the importance of continually monitoring behaviors that can indicate a red flag. And they offer insights on how a robust insider threat program can help all employees and help identify threats before problems arise.