Kenvue

Transcript:

I’m David Merritt. I’m the director of defensive analytics in the cyber organization of Kendu.

Our program looked a lot like a lot of other companies in in this space who have a large supplier base. It was heavily reliant on questionnaires. In Kenview, we are trying to be tech forward, and the reason why is because we want to have our high quality human talent focused on the most important wicked problems. Our third party cyber risk program was one of those pain points that we wanted to fix.

So we approached the problem about a year ago, with the idea that we can automate a lot of this so long as we have the right kind of data. With SecurityScorecard, we found that we had plenty of data to go on, and there was really broad coverage across our supplier base. But in real time, we can pull a security scorecard score on that supplier through API and combine that with our our impact model and internal machine learning model that we use and we built. And we in real time, we can come up with an impact score, a likelihood score, and predict an overall risk score.

SecurityScorecard really opened the doors for my team to to see and believe that automation with the right data and the right analysis backing it can really be a game changer.

It’s really hard to predict cybersecurity posture. It’s really hard to predict cybersecurity compromises. But we believe that with our data, we can look at a portfolio level and say things like, if we have ten suppliers with this risk score, then there’s a ninety percent chance that one of them will be compromised over the next twelve months. We definitely would recommend SecurityScorecard, and the reason why is because there’s a wealth of data that they have, and their data is accessible through API. Those things sound simple, but for for a company that wants to automate using good data, a lot of your cyber risk assessment programs, SecurityScorecard is a great option to help you get there.