The attack surface has expanded dramatically as remote work and SaaS adoption create numerous vendor touchpoints with access to organizational data, systems and networks. Supply chain attacks exploit trusted update mechanisms while concentrated risk emerges when single-vendor outages cascade across dependent applications despite redundancy strategies. Financial institutions face regulatory accountability for outsourced data regardless of physical location, yet traditional point-in-time SOC 2 assessments create dangerous blind spots between reviews. Organizations must pivot from static vendor questionnaires to continuous external attack surface monitoring, demand transparency into fourth- and fifth-party dependencies, and conduct integrated incident response exercises testing primary vendor unavailability scenarios.

In this insightful discussion, Imran Khan of BNP Paribas will discuss:

• Real-world impacts of supply chain breaches in finance;
• Methods to perform rigorous vendor due diligence and monitoring;
• Strategies for managing fourth-party risk and systemic concentration.