Todd Boehler, ProcessUnity: “Even an attack at the far reaches of the supply chain can impact operations”
Cybernews Team Updated on: 06 August 2022

Lately, cybersecurity seems to be everywhere, as this sensitive field gets more and more media coverage.

Corporations tend to share their experience of a third-party data breach to show how much damage a hacker can actually cause with minimal access to an organization’s systems. Therefore, it is crucial to remember that there are other cybersecurity protection methods, tools, and services than just picking a VPN provider or creating a strong password.

To find out more about the importance of picking the right business partners, we invited Todd Boehler, Senior VP of Strategy at ProcessUnity, a platform that allows organizations to effectively manage and monitor risk from third-party vendors.

How did ProcessUnity originate? What has your journey been like?

From its inception, ProcessUnity has delivered configurable solutions for organizational risk and compliance. When we started selling made-to-order software, however, we quickly realized that the platform we had developed was powerful enough to be expanded into a full-featured SaaS solution to help companies mitigate third-party risk.

In my time at the company, I have seen ProcessUnity mature from the GRC industry’s best-kept secret to a widely recognized leader in third-party risk and cybersecurity performance management. The two biggest risks faced by any organization come from their vendors and their internal cybersecurity posture. By fine-tuning our software to address these sources out-of-the-box, we have come to provide the most intuitive, scalable, and secure risk solution on the market.

Can you introduce us to what you do? What are the main challenges you help navigate?

As the Senior Vice President of Strategy at ProcessUnity, it is my job to help organizations transition out of a manual third-party risk strategy and into an automated program that will scale with their organization’s growth.

When you track risk in spreadsheets, your organization is liable to lose information in a redundant stream of documents. In these cases, there is very low visibility across the organization – it’s impossible to get a complete picture of the organization’s risk, and what visibility you do have is hard-won through time-consuming manual processes.

When an organization decides to work with ProcessUnity, our Customer Success team helps evaluate their risk posture and configure our platform to fit their specific demands, so what was once an onerous process can now be completed in minutes.

Why do you think some organizations might not be aware of the security risks they are exposed to?

Organizations that manage their third-party risk manually lack the visibility necessary to build a comprehensive awareness of their security posture. Where ProcessUnity provides a platform for integrating third-party risk management into an organization’s business functionality, manual risk management siloes important information into a scattered series of documents.

Or, the organization struggles to manage risk on a legacy platform that has failed to keep pace with its growth. In these cases, it is just not feasible for a company to connect the dots and identify all sources of security risk. In fact, recent analyst research from GRC20/20 found that it might take an organization up to two hours per vendor to produce a risk report.

By contrast, ProcessUnity can produce the same kind of reporting in under a minute. The visibility that comes at the cost of expensive man-hours is neither comprehensive nor up to date.

How do you think the recent global events affected the way people perceive cybersecurity?

The war between Russia and Ukraine has highlighted the dramatic necessity of resilience across both vendor risk and cybersecurity risk management systems. Russian cyber warfare has compromised the security of multiple government systems in Ukraine, and experts warn that Russia could respond to sanctions with cyberattacks on American banks. Such attacks could have cascading consequences throughout an organization’s vendor population.

Even an attack on a vendor at the far reaches of the supply chain could negatively impact operations. Whether one looks at the economic effects of American sanctions or at the instability caused by Russian cyber-attacks, this conflict has made it startlingly clear that organizations whose risk management solutions do not provide real-time visibility and flexible configurations are not prepared to handle the challenges of our increasingly global future.

Out of all cyber threats floating around nowadays, which ones do you think have the potential to cause the most damage?

A new company falls victim to a ransomware attack every eleven seconds. While the reality of work-from-home has opened up a variety of insecurities in organizations’ security postures, ransomware attacks have become easier to execute. Instead of taking the time to develop their own software, hackers can exploit the vulnerabilities in trusted providers to access lucrative data. This means that these attacks have become more common, with cheaper operating costs and higher payouts than ever.

To stay on top of this growing risk, organizations need a solution that provides full visibility into their cybersecurity posture. By automating and consolidating key security processes, ProcessUnity’s Cybersecurity Performance Management gives organizations the tools they need to mitigate the risk posed by ransomware attacks.

What issues can an organization run into if it doesn’t have appropriate compliance certifications in place?

As the risk landscape expands, so does regulatory response to it. Mandatory breach disclosure policies and data privacy laws have been a strict focus lately. These regulations call into question both an organization’s compliance and that of its third parties. If compliance is breached, organizations stand to face steep financial and even criminal penalties.

On top of that, they may have a tarnished reputation on their hands. The trends lately have indicated that compliance must be a baseline for risk prioritization and third-party engagements. Bare-bones compliance with regulations and standards such as HIPAA, SOC, GDPR, and more is not enough for organizations to develop a truly impermeable security posture. Instead, organizations should focus on regulatory compliance as a starting point for well-rounded security practices throughout their vendor population.

In your opinion, which industries should be especially concerned with implementing quality risk management solutions?

Organizations in every industry can benefit from the implementation of a high-quality risk management program. While a comprehensive risk solution is absolutely imperative for industries like healthcare and finance, which necessitate both strict adherence to complex regulatory guidelines and the maintenance of a large vendor network, ProcessUnity has shown that even small organizations can see a return on their risk management investments in a little over a month.

With that in mind, the question is not, “Which industries should be concerned with risk management?” Instead, the question is whether your organization’s risk management solution is flexible enough to meet your industry’s needs. ProcessUnity is dedicated to configuring our solutions to meet our customers’ needs in as precise a manner as possible.

How can organizations make sure they pick a secure third-party vendor?

Vendor onboarding is an essential process for the maintenance of a healthy third-party risk management program, but it can also be expensive and time-consuming. One ProcessUnity customer counted 89 steps in their manual onboarding process before adopting ProcessUnity Vendor Risk Management—that means countless hours and an array of team members evaluating the security posture of a single vendor.

These manual assessments waste valuable time for both the organization carrying them out and the vendor being evaluated. Redundant or irrelevant questions clog the workflow on both ends and the complexity of carrying out such a process by hand heightens the risk of human error.

By contrast, the ProcessUnity Vendor Risk Management solution lightens the load for organizations and vendors alike: Its intelligent questionnaires add and drop items to reflect the vendor’s proximity to key systems and its security posture. Questionnaires are then scored automatically, increasing visibility across the onboarding process and enabling reporting for both organizations.

Would you like to share what’s next for ProcessUnity?

We are very excited about the future. The ProcessUnity vision is to eliminate all manual procedures for gathering and evaluating third-party and cybersecurity risks. We currently offer an industry-leading platform that makes these risk management processes less labor-intensive and more cost-effective.

As we continue to develop our platform, we are incorporating cutting-edge technologies like artificial intelligence and machine learning into our risk solutions, helping organizations get to risk decisions faster with less effort.

These developments, along with our investments in additional use cases for helping both procurement and cyber functions, will mature our product into a frictionless, integrated, framework-agnostic platform that continuously analyses data across all key risk domains.

