With SolarWinds, Accellion, Kaseya, and Log4j, the world realized that third-party suppliers are a key vector of cyber risk. We spoke with MassMutual CISO Ariel Weintraub about how firms need to go beyond third-party risk management to focus on supply chain resiliency, and the different thinking required to effectively build it.
Third-party risk management and supply chain resiliency are sometimes used interchangeably; however, the two require different approaches. Business resiliency and IT resiliency have traditionally been managed separately. Now, with cyber attacks cited as the main reason suppliers go dark, it is not enough to rely on third-party risk assessments alone. IT and cyber teams, as well as the business itself, will need to speak candidly about the risk tolerance and comfort level in shutting off a key supplier when an incident occurs.
© 2022 FS-ISAC, Inc. All rights reserved.
Ariel Weintraub is the CISO & Head of Enterprise Cyber Security at MassMutual. Ariel joined MassMutual in the fall of 2019 as the Head of Security Operations & Engineering, responsible for the Global Security Operations Center, Security Engineering, Security Intelligence and Identity & Access Management (IAM). Prior to joining MassMutual, Ariel served as Senior Director of Data & Access Security within Cybersecurity Operations at TIAA where she led a three-year business transformation program to position IAM as a digital business enabler. Before working at TIAA, Ariel was Global Head of Vulnerability Management at BNY Mellon and was part of the Threat & Vulnerability Management practice at PricewaterhouseCoopers (PwC). Ariel holds a Master of Science in Cybersecurity from New York University (NYU) Tandon School of Engineering and a Bachelor of Science in Business Administration from the University of Southern California (USC) Marshall School of Business. Ariel has a passion for empowering women, especially the next generation of female cybersecurity leaders, and for tackling the cybersecurity workforce shortage. To help address these important issues, she serves on the Board for the Executive Women’s Forum (EWF) and the ISACA One in Tech Foundation, which is focused on building a digital world that is safe, secure and accessible for all. Most recently, Ariel also joined the FS-ISAC Board of Directors, on which she is furthering her other passion for maximizing the value of threat intelligence sharing across the financial services sector.