
Expert Insights on Third-Party Risk: Simplifying Cybersecurity Complexities

In this discussion, Salil Aroskar, a cyber risk management manager, provides a deep dive into third-party risk management and its associated complexities. Focusing on supply chains and external staffing, Salil highlights how third-party risk has had to be managed since COVID-19. Amid geopolitical tensions such as the war in Ukraine, he emphasizes the need for a comprehensive approach to understanding and mitigating the risks that third parties introduce.


The discussion centers on supply chain risk management, with Salil explaining that effective third-party risk management means identifying and assessing the risks from every vendor involved in delivering a specific product or service. This requires understanding the entire supply chain, from suppliers through to end users, and addressing the risks at each link rather than only at the direct vendor. The conversation also touches on software supply chain risk management, which is particularly relevant as companies increasingly depend on open-source libraries and on software components developed by multiple vendors, each of which inherits the risks of its own upstream dependencies.


During the conversation, Salil highlights the cybersecurity complexities of external entities accessing sensitive company information and systems. External staff, often contracted through other external entities rather than directly, can pose significant third-party risk because the company has less visibility into how they were vetted. Salil suggests treating external staff in the same way as internal employees: conducting thorough background checks and providing the necessary training, especially when they handle sensitive data. This approach mitigates third-party risk by ensuring that all personnel with access are adequately vetted and trained, regardless of who employs them.


The discussion also covers structural issues within organizations regarding third-party risk management. It highlights the potential need for HR departments to manage external staff in the same way as internal employees, so that onboarding, vetting, and offboarding are handled consistently and third-party risk is not left to individual business units. This could involve creating a dedicated HR function for external staff management.


The conversation then explores the unique challenges of third-party risk management in the context of mergers and acquisitions (M&A). Salil stresses the importance of involving information security teams early in the M&A process to assess and manage the third-party risks the acquired entity brings with it. Understanding the timeline for integration and extending the acquirer's security controls to the acquired entity are crucial steps. Additionally, the discussion highlights the cultural and operational risks associated with M&A; these risks extend beyond cybersecurity and require comprehensive risk management strategies.


Salil’s insights underscore the growing cybersecurity complexities of managing third-party risk in today’s interconnected and globalized business environment. Addressing third-party risk requires a thorough and proactive approach, including detailed risk assessments, continuous monitoring, and cross-departmental collaboration within organizations.



Cubic Lighthouse is a cybersecurity publication dedicated to demystifying security, making news actionable, providing deeper thinking about the fundamentals of security, and providing decision-makers and the community at large with the right information to make the right decisions. We will also feature more technical articles and provide personal/family security advice.

©2024 Cubic Consulting, a Smart Security Company for your Business – All Rights Reserved.