Third-party relationships can add significant value to a business, but they can also come with their own set of risks. When an incident impacts a company’s clients, it doesn’t matter if it was caused by a third party – customers will hold an organisation responsible for the harm. When a company’s reputation and financial stability are on the line, they need to have a handle on managing third-party cybersecurity risks. They need an understanding of the cybersecurity and resilience of their third parties. Most importantly, they need to know whether a third-party partner is providing adequate security and protection for their sensitive data.
Kroll's Third-Party Cyber Risk Management (TPCRM) services can provide a comprehensive view of risks that supports robust cybersecurity strategies and regulatory compliance. Our team has unique insight that can only be obtained from in-house experience managing third-party risk and responding to over 3,000 different cyber incidents a year using cutting-edge technology.
All TPCRM solutions offered by Kroll are designed to be transparent and produce actionable solutions. Our practical approach ensures clients have the strategic foundation they need to strengthen relationships and improve confidence in partnerships with vendors and other third parties.
We’ve designed our vendor risk management services to deliver an in-depth evaluation of the security risks posed by third-party organisations. Our core services are listed below.
CyberClarity360™ is a highly advanced technology solution that helps organisations assess and monitor the security and resilience of their third-party partners. The CyberClarity360™ platform quantifies cyber risks through a transparent scoring and analysis system designed to deliver unique insights and identify areas of risk that might otherwise be overlooked – both at the control level and on a portfolio-wide basis – to help organisations make informed decisions.
CyberClarity360 is a widely recognised solution trusted by some of the largest organisations in the world – including companies listed on the Fortune 50 and FTSE 100 – to effectively manage third-party cyber risks.
By using CyberDetectER® DarkWeb to track third-party data on the dark web, an organisation can potentially identify exposures stemming from vendors, suppliers, or other third-party partners.
For example, CyberDetectER DarkWeb detected the disclosure of some highly confidential and privileged documents belonging to a Kroll client, a Fortune 100 global financial services firm, on public peer-to-peer (P2P) file-sharing networks. Our team traced the source of the disclosure and determined that a paralegal at one of the client's outside law firms had unintentionally disclosed the information while accessing free media on P2P networks. Had these files remained accessible, they could have lost their privileged classification and become subject to discovery by opposing counsel, potentially exposing the client’s legal strategy.
Kroll offers advisory services in Singapore, Hong Kong, across Asia and worldwide to support CISOs and organisations in developing their cybersecurity strategies and programmes. We also assist with setting up and monitoring TPCRM programmes, providing security assessments and remediation guidance, assessing on-premise and cloud security solutions, mapping data, developing incident response plans, personnel training and other services related to third-party risks.
We will perform a comprehensive assessment of a third party's security programme, focusing on their ability to defend against and respond to cyber threats and to mitigate the risk of suffering a security breach. Kroll uses industry-standard security frameworks – including NIST, CIS Controls™, ISO, etc. – and assesses compliance with relevant regulatory requirements, including Singapore’s Personal Data Protection Act (PDPA) and the Monetary Authority of Singapore’s Technology Risk Management Guidelines (MAS TRM); Hong Kong’s Personal Data Privacy Ordinance (PDPO); the Bank Negara of Malaysia’s Risk Management in Technology policy (RMIT); and the EU General Data Protection Regulation (GDPR), among others.
Our penetration tests are designed to simulate real-world attack scenarios to attempt unauthorised access to an organisation’s assets. We conduct internet reconnaissance to identify publicly accessible information that might aid an attack as part of the testing. Targeted phishing exercises are also included.
Kroll’s vulnerability tests determine whether there are vulnerabilities in an organisation’s data security program that could be exploited by attackers. We use state-of-the-art vulnerability assessment tools to identify potential security weaknesses in the organisation’s environment.
The success of Kroll’s end-to-end TPCRM solutions is fueled by our unrivaled expertise in cyber risk management and the frontline insights obtained by responding to more than 3,000 cyber incidents a year. Our clients also benefit from our vast experience ensuring compliance with a host of regulatory systems, including European data protection laws, US HIPAA, PCI DSS, CASL, and Hong Kong's DPO Principle 4, among others. The professionals on Kroll’s Cyber Risk team have decades of experience handling data security in a wide range of industries and serving in a number of international law enforcement and regulatory agencies.
Protect your reputation and bottom line with Kroll’s third-party cyber risk management services. We can help you assess, identify and remediate with confidence. Speak with one of our experts today.
Kroll goes beyond the typical incident response retainer—we offer clients a true cyber risk retainer to provide elite digital forensics, incident response, and proactive security capabilities with maximum flexibility.
Activate experienced, local cyber incident response specialists to quickly investigate and eradicate any type of threat, incident, or data breach.
Whether responding to a security incident, forensic discovery demand, or an investigation, Kroll’s experienced forensic experts provide unmatched litigation support to help clients win cases and mitigate their losses.
Kroll’s team of computer forensics experts can assist at any stage of an investigation or litigation to ensure no digital evidence is overlooked, regardless of the number or location of data sources.
Confidentially investigate cases of employee and third-party misconduct, including malicious and negligent digital activities.
Kroll’s cyber risk experts can effectively determine whether data was compromised and to what extent. By gathering and uncovering actionable information, we leave our clients better prepared to manage future incidents.
Kroll’s elite security leaders deliver rapid responses for over 3,000 incidents per year, with the resources and expertise to support the entire incident lifecycle, including litigation demands.