Breaking News
finance & economy

SLVA and Black Kite join forces to protect businesses from third-party cyber risks

March 16, 2023

SLVA Cybersecurity has announced a new partnership with Black Kite is positioned to analyze and secure South African organizations from cyber attacks.

Security threats are nothing new in the digital age, but one danger companies need to be more aware of today is the growing security threat that is connected risk, or to put it another way, the impact of third-party breaches.

This is a significant consideration for organisations given that no fewer than one in four organisations suffered from a cyber attack in the last year that resulted in production, reputation and financial losses, notes Patrick Evans, CEO of SLVA Cybersecurity.

“SLVA Cybersecurity is pleased to officially partner with Black Kite, a company that is redefining vendor risk management with the world’s first global third-party cyber risk monitoring platform, built from a hacker's perspective,” he says.

With vulnerabilities constantly emerging that are quickly exploited by cybercriminals, and a lack of due diligence in certain industries leading to breaches, it is clear that both the threats and the potential attack vectors will continue to evolve.

Considering how quickly both the attack surface and the threat environment are evolving, many chief information security officers (CISOs) find it challenging to keep track of their entire security posture, adds Evans.

“The real problem is that cybercriminals attack companies via third parties - essentially ‘island-hopping’ their way into target organisations. Black Kite’s solution is designed to help the CISO gain awareness of what is most relevant in the threat landscape, across their organisation, and crucially, potential third-party risks. The solution’s reporting mechanism gives concise and actionable insight into which areas an organisation is doing well in their cybersecurity approach, and which areas require immediate attention to protect what matters.”

“Unsecured external-facing assets, such as databases and servers, pose a major risk to businesses. This risk increases significantly when it is a third party managing the data on behalf of a company, or even within a shared responsibility agreement,” he says.

It should also be noted that attacks do not discriminate between private and public sector entities - in fact, databases in the public sector are quite often out of date and remain unpatched, while typically also having a wide attack surface - leaving behind a weak defence strategy and therefore an easy target.

Evans explains that Black Kite is a non-intrusive intelligence-gathering platform that identifies critical vulnerabilities, pinpoints compliance gaps, quantifies cyber risk in financial terms, and can detect the likelihood of a ransomware attack with high-fidelity data.

“Using data and machine learning, Black Kite's RSI™ is able to discover the likelihood that an organisation will experience a ransomware attack, by providing a multi-dimensional view of third-party risk,” says Evans.

Ransomware and unauthorised network access are two of the most common types of attack. The latter generally involves leveraging or cracking weak passwords and taking advantage of any vulnerabilities present in access control.

“Having a strong defence strategy means carefully monitoring an entire cyber ecosystem, as opposed to ‘cherry picking’ vendors based on assumed importance,” explains Evans. A holistic approach to vendor risk management requires intelligence from every angle. Black Kite’s protection goes beyond simple self-monitoring, instead taking the time to ensure that every last vendor is monitored for vulnerabilities.

“SLVA’s partnership with Black Kite is one that we believe will assist in improving the health and safety of the entire planet's cyber ecosystem, thanks to its use of the industry’s most accurate and comprehensive cyber intelligence,” he adds.

“While other security ratings service providers try to narrow the scope, Black Kite provides the only standards-based cyber risk assessments that analyse your company’s supply chain cybersecurity posture from all three critical dimensions: namely technical, financial and compliance,” says Evans.