Episode 58

full
Published on:

30th Oct 2024

Insider Threats & Third Party Risk: How to Manage Security Threats

Every vendor you trust and every employee you hire could be your next security crisis—explore the realities of third party risk and insider threats on this episode of Razorwire!

Join us for a discussion on the multifaceted challenges of third party risk and how they can destabilise your organisation. From the growing complexities of cloud providers like AWS and Azure to detecting and dealing with insider threats, our conversation covers it all. 

My esteemed guests, Razorwire favourites Iain Pye and Chris Dawson, share their perspectives on the right to audit third parties and how shifts in business models and changing workplace culture impact our security postures. 

We also break down a case study involving indemnity and insurance settlements following a breach incident, providing you with practical takeaways for enhancing your own security protocols.

Key takeaways:

Strengthen Your Third Party Risk Management

  • Implement contractual audit rights early in vendor relationships
  • Develop resilience plans for vendor service failures
  • Understand the risks of supply chain dependencies (third parties of third parties)
  • Plan for scenarios where key service providers might fail or be compromised

Understand and Mitigate Insider Threats

  • Identify different types of insider threats (accidental, disgruntled employees, corporate espionage)
  • Monitor for behavioural changes and suspicious activity patterns
  • Implement ongoing background checks and security clearance reviews
  • Balance monitoring with employee privacy and company culture considerations

Address Modern Security Challenges

  • Evaluate the cost-benefit trade-offs between in-house and outsourced services
  • Implement monitoring solutions that correlate data from multiple sources
  • Develop security strategies that account for both human and technical factors
  • Create comprehensive risk assessments that include both internal and external threats

Join us on Razorwire as we untangle the complexities of third party risk and insider threats, providing you with actionable insights to fortify your organisation's cyber defences.

On the inevitability and scale of third-party breaches: 

"It's inevitable. You're gonna have a third party breach. There's about, what, 10 a day... You could do all the due diligence in the world and all the security checks about this. You could have a very robust vendor risk management, whatever you wanna call it. At the end of the day, it's gonna take one little, maybe insider threat on the third party side, and that will cause a breach." 

Iain Pye

Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen


In this episode, we discuss:

Implementing Third Party Audit Rights: Secure your organisation by establishing robust audit rights in vendor contracts before engagement begins.

Evaluating Cloud Provider Stability: Assess and mitigate risks when selecting cloud providers by verifying their financial stability and data migration capabilities.

Preventing Insider Security Breaches: Distinguish and protect against both intentional and accidental internal security threats through targeted controls.

Building a Strong Security Culture: Foster an environment where employees actively report and respond to security warnings rather than normalising them.

Managing Employee-Related Risks: Develop strategies to identify and address employee dissatisfaction before it becomes a security threat.

Controlling Access Privileges: Implement strict access management protocols to prevent credential misuse and unauthorised access sales.

Managing Supply Chain Security: Build resilience into your supply chain by mapping dependencies and establishing clear liability frameworks.

Implementing Comprehensive Behavioural Monitoring: Deploy systems that analyse multiple data sources (login patterns, email access, data transfers) to identify suspicious user behaviour patterns.

Protecting Against Espionage: Apply updated legal frameworks like the UK National Secrets Act to safeguard intellectual property and sensitive information.

Deploying Dynamic Security Monitoring: Establish continuous monitoring systems for both employees and third parties to detect threats early.


Resources Mentioned


Other episodes you'll enjoy

Cybersecurity Burnout and Organisational Culture with Yanya Viskovich & Eve Parmiter

https://www.razorthorn.com/cybersecurity-burnout-and-organisational-culture-with-yanya-viskovich-eve-parmiter/


The Art of Cyber Deception: How To Get Inside The Mind of A Hacker with Rob Black

https://www.razorthorn.com/the-art-of-cyber-deception-how-to-get-inside-the-mind-of-a-hacker-with-rob-black/


Connect with your host James Rees

Hello, I am James Rees, the host of the Razorwire podcast. This podcast brings you insights from leading cyber security professionals who dedicate their careers to making a hacker’s life that much more difficult.

Our guests bring you experience and expertise from a range of disciplines and from different career stages. We give you various viewpoints for improving your cyber security – from seasoned professionals with years of experience, triumphs and lessons learned under their belt, to those in relatively early stages of their careers offering fresh eyes and new insights.

With new episodes every other Wednesday, Razorwire is a podcast for cyber security enthusiasts and professionals providing insights, news and fresh ideas on protecting your organisation from hackers.

For more information about us or if you have any questions you would like us to discuss email podcast@razorthorn.com.

If you need consultation, visit www.razorthorn.com, We give our clients a personalised, integrated approach to information security, driven by our belief in quality and discretion.


Linkedin: Razorthorn Security

Youtube: Razorthorn Security

Twitter:   @RazorThornLTD

Website: www.razorthorn.com


Loved this episode? Leave us a review and rating here


All rights reserved. © Razorthorn Security LTD 2025

Next Episode All Episodes Previous Episode

Listen for free

Show artwork for Razorwire Cyber Security

About the Podcast

Razorwire Cyber Security
Real conversations helping cybersecurity professionals sharpen their insights, strategy & leadership skills.
🔒 Cybersecurity is evolving — and so should you. Razorwire brings the open conversations that give you the edge.

Welcome to the Razorwire podcast — your resource for practical advice, expert insights, and real-world conversations on cybersecurity, information security (InfoSec), risk management, governance, security leadership, human factors, and industry trends.

Our mission is to help you build a stronger cybersecurity career while supporting a dynamic, agile community of professionals committed to continuous improvement.

Each episode brings you actionable advice and real experiences from your host, James Rees — an information security specialist with over 25 years of experience — and from a range of respected guests across the cybersecurity industry. Together, we explore everything from technical strategies and compliance challenges to security culture, communication skills, and leadership development.

James Rees is the founder of Razorthorn Security, providing expert consultancy and testing services to a wide range of organisations, including many Fortune 500 companies. His practical, no-nonsense approach helps organisations manage cyber risks effectively while strengthening resilience.

The Razorwire podcast is designed for cybersecurity professionals who want to stay ahead, sharpen their skills, and confidently respond to the challenges of today's evolving threat landscape. We believe collaboration is key to stronger security — and Razorwire gives you the conversations that help you achieve it.

For more information about us, or if you have questions you'd like discussed on the show, email podcast@razorthorn.com or visit www.razorthorn.com.