Forrester Predictions: Rethinking Supply Chain Management

Analysts Sandy Carielli and Jeff Pollard on Challenges in the New Year
Jeff Pollard, VP & principal analyst, and Sandy Carielli, principal analyst, Forrester

Forrester principal analysts Sandy Carielli and Jeff Pollard discuss their latest research, Predictions 2022: Cybersecurity, Risk and Privacy, which highlights the need to address gaps in third-party relationships, collaboration and trust.

Carielli says: "When we looked at the data for this past year, the most common causes of breaches were either software vulnerabilities in third-party components, or third-party commercial components that you're embedding in your software, or other types of breaches in the supply chain."

Pollard advises security leaders to see this as an opportunity to improve and streamline their third-party risk management practices. "Maybe it is going in and helping some of their third-party suppliers with those security controls. It's certainly things like limiting access, limiting connectivity, and locking things down as much as possible," he says.

In a video interview with Information Security Media Group, Carielli and Pollard discuss:

  • Top predictions in the Forrester report;
  • The changing nature of the cyber insurance landscape;
  • How security leaders can build trust with their colleagues, partners and suppliers.

Carielli is a principal analyst at Forrester, advising security and risk professionals on application security with an emphasis on the collaboration among security and risk, application development, operations, and business teams. Her research covers topics such as proactive security design, security testing in the software delivery life cycle, protection of applications in production environments, and remediation of hardware and software flaws.

Pollard primarily contributes to Forrester's offerings for security and risk professionals. He leads Forrester’s research on the role of the CISO, specializing in topics related to security strategy, budgets, metrics, business cases and presenting to the board. His research also includes security services, featuring global coverage of managed security services, professional security services and security-as-a-service. He also takes an active role in Forrester’s forward-looking research on security innovation, the security market and security predictions.

About the Author

Anna Delaney

Director, ISMG Productions

An experienced broadcast journalist, Delaney conducts interviews with senior cybersecurity leaders around the world. Previously, she was editor-in-chief of the website for The European Information Security Summit, or TEISS. Earlier, she worked at Levant TV and Resonance FM and served as a researcher at the BBC and ITV in their documentary and factual TV departments.
