


SecurityScorecard CEO Aleksandr Yampolskiy joins Cyber Focus to warn that third-party risk is now the dominant cybersecurity epidemic. With just 150 companies responsible for 90% of the global attack surface, a single compromise can ripple across sectors and continents. He and host Frank Cilluffo explore the cascading risks of software dependencies, fourth- and fifth-party exposure, and the challenges of shadow IT and shadow AI. Yampolskiy outlines where companies fall short on governance and calls for outcome-driven oversight, not just busywork. They also discuss how AI can be both a vulnerability vector and a force multiplier for defense.
Main Topics Covered
• Third-party breaches now account for 65% of cyber incidents globally
• Only 150 companies comprise 90% of the global attack surface
• The risks of shadow IT and "shadow AI" leaking sensitive data
• Systemic vulnerabilities in critical infrastructure like U.S. ports and healthcare
• Limitations of compliance-driven approaches without continuous risk measurement
• The need for clear governance, outcome-oriented metrics, and board-level engagement
Key Quotes
"65% of data breaches today happen through use of a third party. Hackers go after one weak link." — Aleksandr Yampolskiy
"150 companies' products comprise 90% of a global attack surface. So if one of those companies gets compromised, all of a sudden, you can compromise almost everybody." — Aleksandr Yampolskiy
"You can be fully compliant with all the regulations, but not secure. Or you could be really secure but not compliant." — Aleksandr Yampolskiy
"An employee takes [the] general ledger or... some sensitive corporate information, uploads it to ChatGPT—or worse, to [a model] in China—gets a beautiful response, looks like a champion... but then you just leaked sensitive information from a company and nobody knows about it." — Aleksandr Yampolskiy
"Our ability to network has far outpaced our ability to protect networks." — Frank Cilluffo
Relevant Links and Resources
• SecurityScorecard Research
Guest Bio
Aleksandr Yampolskiy is the Co-Founder and CEO of SecurityScorecard, a global leader in cybersecurity ratings and risk management. A former CISO and CTO, he has led the company since 2014 in helping tens of thousands of organizations—including half of the Fortune 100—measure and strengthen their cyber resilience.
By McCrary Institute
