A large Oil & Gas company had concerns about maintaining supply chain risk resilience and managing cyber security risks across its increasingly complex third-party network. As cybercriminal groups targeting the industry are on the rise, this is a very real issue. The company lacked an effective supplier onboarding process, and therefore had no clear understanding of its suppliers’ inherent risk. Key risks identified included:
- Failure to properly assess and understand the risks and direct and indirect costs involved in third-party relationships
- Failure to perform adequate due diligence and ongoing monitoring of third-party relationships
- Entering into contracts without assessing the adequacy of a third party’s risk management practices
The company’s Board decided it would need to retain consultants to design, implement, and execute a more robust third-party risk management program using a variety of technologies and subject matter expert resources.
Fortress deployed its advisory team to build upon and enhance the company’s risk management program while Fortress’ delivery team incorporated their technology and managed services to execute the program. Using its Data-Driven Risk Rank methodology and technology, Fortress classified the inherent risk of the company’s vendor population, then delivered comprehensive Security Risk Assessments on a subset of the most critical and high-risk suppliers. Fortress provided expert managed services, collecting, assessing, and reporting the risk management program through automated and orchestrated channels, giving the board full transparency and guidance throughout the process. Continuous monitoring, threat intelligence, and dashboards provided visibility to help mature the capabilities of the company’s cyber risk management program.
- Built a process for identifying cyber risk and resilience within the company’s complex supply chain, protecting both upstream and downstream.
- Dedicated, highly qualified team of subject matter experts in place quickly, with the ability to understand the company’s supply chain risk starting on Day 1.
- Flexible capacity planning model to mature the company’s cyber resiliency program.
- Full transparency dashboards to benchmark and communicate program health and remediation obstacles to stakeholders. The dashboards were enabled by the Fortress Platform.