Horizons Spring/Summer 2019

With internal teams, companies conduct background investigations and reference checks, then build relationships over years of working together. For the supply chain, organizations need something more formal to demonstrate that measures are being taken to protect themselves and each other. It is critical for businesses to have third-party certifications and attestations such as Service Organization Controls 2 (SOC 2) or SOC 2 for Supply Chain, certifications such as ISO 27001, or industry-specific certifications in healthcare, credit card processing and other sectors. To show due care in selecting vendors, service providers and business partners, organizations need a repeatable process that demonstrates the relevant risks have been considered. It is expected that in the next few years due care will be emphasized repeatedly in lawsuits after major breaches are revealed, and those that failed to show due care will be penalized heavily. Prepared organizations will have informal, repeatable processes to evaluate new third parties and to put initial agreements in place.

Vigilant organizations will develop vendor risk management programs, scaled to the risk involved, to evaluate new relationships, periodically reassess existing relationships and maintain contingency plans for when a third party has some kind of security incident.

In Conclusion

The next decade will bring fascinating technology advancements, process improvements and an abundance of new ways for criminals to steal individuals’ money and information. The first step in preparing for these changes is to develop the ongoing processes needed for periodic updates, changes and improvements. Making frequent small changes is far easier and less costly than waiting for a major incident and then expending too many resources to recover from it. Take the time now and put the basic practices in place so you are at least a prepared organization. Then decide if your organization could really thrive by implementing the changes needed to become a vigilant organization.

CYBER SECURITY SERVICES GROUP

With the emergence of the cloud and growing engagement through mobile and social networks, IT and business processes need to adapt in order to meet new compliance requirements and general best practices. RubinBrown has a dedicated team specializing in cyber security services designed to meet each client’s requirements. For more information, visit www.RubinBrown.com/Cyber

Rob Rudloff, CISSP-ISSMP Partner Cyber Security Services Group 303.952.1220 rob.rudloff@rubinbrown.com

Audrey Katcher, CPA, CISA, CITP Partner Cyber Security Services Group 314.290.3420 audrey.katcher@rubinbrown.com

Cyber Security in the Next Decade
