惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
MyScale Blog
MyScale Blog
Jina AI
Jina AI
爱范儿
爱范儿
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
I
Intezer
The Cloudflare Blog
T
Threat Research - Cisco Blogs
G
Google Developers Blog
Stack Overflow Blog
Stack Overflow Blog
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
D
Docker
AI
AI
Scott Helme
Scott Helme
Attack and Defense Labs
Attack and Defense Labs
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
L
LangChain Blog
Recent Announcements
Recent Announcements
Security Latest
Security Latest
Hugging Face - Blog
Hugging Face - Blog
W
WeLiveSecurity
Last Week in AI
Last Week in AI
Security Archives - TechRepublic
Security Archives - TechRepublic
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
P
Proofpoint News Feed
S
Securelist
S
Security Affairs
Project Zero
Project Zero
博客园 - 叶小钗
Google DeepMind News
Google DeepMind News
T
Tor Project blog
A
About on SuperTechFans
V2EX - 技术
V2EX - 技术
宝玉的分享
宝玉的分享
T
Tenable Blog
博客园 - 聂微东
人人都是产品经理
人人都是产品经理
Simon Willison's Weblog
Simon Willison's Weblog
Forbes - Security
Forbes - Security
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
V
V2EX
AWS News Blog
AWS News Blog
The GitHub Blog
The GitHub Blog
酷 壳 – CoolShell
酷 壳 – CoolShell
P
Privacy & Cybersecurity Law Blog
阮一峰的网络日志
阮一峰的网络日志
I
InfoQ
C
CXSECURITY Database RSS Feed - CXSecurity.com
H
Hacker News: Front Page
美团技术团队

Forbes - Innovation

Why Do Humans Have Fingerprints? Hint: It’s Not What You Think Booking.com Confirms Data Breach, Reservation PIN Codes Changed Why Major News Sites Are Blocking The Internet Archive’s Wayback Machine iPhone Fold Release Date: New Report Details Frustrating Apple News Comet Tracker: How To See Pan-STARRS And Three Planets On Wednesday NYT Mini Crossword Today: Tuesday, April 14 Hints And Answers Today’s NYT Strands Hints, Spangram, Answers: Tuesday, April 14 (It’s A Little Unclear) Today’s Wordle #1760 Hints And Answer For Tuesday, April 14 Most Of The Microplastics In Urban Air Come From Tires Today’s Wordle #1759 Hints And Answer For Monday, April 13 NYT Mini Crossword Today: Monday, April 13 Hints And Answers NYT Pips Today: Hints, Answers And Walkthrough For Monday, April 13 The YC Chief Who Codes 10,000 Lines A Day Has A Simple Secret Samsung Expands One UI 8.5 Beta To More Galaxy Owners Why You Should Stop Using Your iPhone If It’s On This List Chamath Says Firms That Treat AI As A Strategy Hand Rivals Their Edge 3 Unexpected Habits Of Secure Couples, By A Psychologist The First Lamp That Folds Your Clothes Samsung’s Disappointing Price Update For Galaxy Phone Buyers 3 Subtle Signs Someone Is Falling In Love With You, By A Psychologist Do Mantis Shrimp See More Colors Than Humans? A Biologist Explains NYT Connections Answers Explained For Monday, April 13 (#1,037) NYT Connections Hints Today: Monday, April 13 Clues And Answers (#1,037) LEGO Luigi & Mach 8 (72050) Review: 2026’s Best Set Yet? Marc Andreessen Says AI Productivity Will Trigger A Hiring Boom 3D Printing Is The Ultimate Hack To Reduce Household Spending Apple iPhone Fold: Striking Design Revealed In Leaked Photos Apple Smart Glasses: New Leak Reveals A Major Design Twist To Beat Meta Tested: The AI Coming To The Rivian R2 Quordle Hints Today: Monday, April 13 Clues And Answers Companies And H-1B Employees Endure Immigration Waits At Consulates 3 Easy Ways To Turn Anxiety Into Sustained Focus, By A Psychologist Here’s The Most Affordable Humanoid Robot You Can Buy Now UFC 327 Results: 5 Biggest Takeaways From A Wild Night In Miami UFC 327 Results, Bonus Winners, Highlights And Reactions Dana White Announces Huge New Fight For UFC White House Today’s NYT Strands Hints, Spangram, Answers: Sunday, April 12 (Get Ready) Tesla ‘Model 2’ Rises From The Ashes Today’s Wordle #1758 Hints And Answer For Sunday, April 12 NYT Pips Today: Hints, Answers And Walkthrough For Sunday, April 12 Tyson Fury Vs. Arslanbek Mahkmudov Results: Highlights and Reaction NYT Mini Crossword Today: Sunday, April 12 Hints And Answers How Shadow AI Culture Is Destroying Your Business Venture Capital Funds That Market Like Startups Win More Deals Conor Benn Vs. Regis Prograis Results: Highlights and Reaction Samsung’s Disappointing Price Update For Galaxy Phone Buyers Artemis Reached The Moon. The Grid Can Reach The 21st Century A Biologist Explains How Archerfish Shoot Down Prey. Hint: Their Aim Rivals Human Throwing Is It Time For Apple To Forget About The MacBook Air NYT Connections Hints Today: Sunday, April 12 Clues And Answers (#1036) Trump’s 2027 Budget To Reshape U.S. Environmental And Energy Policy CDC Delays Reporting Of COVID-19 Vaccine Benefits—Here’s What To Know Oura Has Designed A Solution To A Big Smart Ring Problem Netflix’s Best New Show Has A Near-Perfect 95% Rotten Tomatoes Score Coachella 2026 Is Being Taken Over By Creator Streams Quordle Hints Today: Sunday, April 12 Clues And Answers This Startup Wants To Use AI To Help Digitize History How To Get The Best Shield In ‘Crimson Desert’ Microsoft Venom Attack Targets C-Suite Executives ‘Maul: Shadow Lord’ Sets Even More Star Wars Rotten Tomatoes Records 3 Ways Happy Couples Argue Differently, By A Psychologist Success For Leapmotor Might Have Negatives For Stellantis New Names Surface As Potential Rogue And Wonder Woman In The MCU And DCU 4 Reasons Artemis Mission Matters Even If You Think It Is Wasteful Fast ‘Crimson Desert’ Patch Adds New Moves, Shield Hiding And One Great Feature Why Do Humans Blush? An Evolutionary Biologist Explains The Signal We Can’t Control Apple iPhone Fold: Striking Design Revealed In Leaked Photos Adobe Attacks Underway—Windows And Mac Users Given 72 Hours To Update iOS 26.4.1 Release: Crucial iPhone Feature Update Arrives, But No Security Fix Fury vs. Makhmudov Full Card, Ring Walk Times and How to Watch Can’t Stand Liquid Glass? This New Hidden iPhone Setting Is A Game-Changer Test-Driving The 2026 Changan Deepal S05: Italian Style Made In China NSA Warning—Reboot Your Internet Router Now Ways That Human-AI Collaboration Slides People Into ‘AI Brain Fry’ And Cognitive Downturns Stop Using These Networks—Google, NSA And TSA Warn NASA Changes Moon Plan: Landing Now Depends On SpaceX Or Blue Origin Samsung Expands One UI 8.5 Beta To More Galaxy Owners The Evolution Of Programmable Hardware At Xilinx NYT Mini Today: Saturday, April 11 Hints And Answers Today’s NYT Strands Hints, Spangram, Answers: Saturday, April 11 (You’re Putting Me On) Splashdown! NASA’s Artemis II Returns To Earth After Moon Mission Attention Is All You Need. The Human Kind Is Still The One That Counts Today’s Wordle #1757 Hints And Answer For Saturday, April 11 NYT Pips Today: Hints, Answers And Walkthrough For Saturday, April 11 Android Circuit: Galaxy S27 Pro Emerges, Honor 600 Pre-Order Offers, Pixel 11 Display Leaks Apple Loop: iPhone 18 Pro Leak, Urgent iOS Update, MacBook Neo Issues Morgan Stanley Has Mostly Positive Outlook On Tesla Robotaxi, FSD V15 Running Out Of AI Tokens Faster Than Ever? Here’s Why CoreWeave Shares Pop 13% After Anthropic Deal ‘Euphoria’ Season 3’s Rotten Tomatoes Score Crashes, Has Lost Key Player People Don’t Agree On What AI Can Do, But They Don’t Even Use The Same Product ‘Overwhelming’—Google Issues Gemini Update For Gmail Users NYT Connections Hints Today: Saturday, April 11 Clues And Answers (#1035) Quordle Hints Today: Saturday, April 11 Clues And Answers The Costly Dream Of Space-Based AI Infrastructure Can You See The Watcher In This ‘Daredevil: Born Again’ Shot? Adobe Attacks Underway—Windows And Mac Users Given 72 Hours To Update You Just Watched The Backdoor Pilot For ‘The Pitt: Night Shift’ Are Nicotine Pouches Like Zyn And VELO Safe To Use? A Doctor Answers Human Resources (HR) Is The Key To AI Success Per WalkMe ( SAP)
The Cybersecurity Gap No One Owns: You’re Securing The Wrong Perimeter
Prajkta Wadi · 2026-05-08 · via Forbes - Innovation

Prajkta Waditwar, senior technology sourcing Manager at Box, focused on AI strategy, vendor ecosystems and procurement innovation.

getty

Cybersecurity spending is approaching $240 billion globally, according to Gartner, yet breach costs are nearing $5 million per incident based on IBM’s latest data. If investment is rising and tooling is improving, the obvious question is: Why aren’t outcomes?

From where I sit, working across technology sourcing and vendor strategy, the issue isn’t effort. It’s that most organizations are still securing a perimeter that no longer exists.

The enterprise boundary has dissolved. What remains is a constantly shifting network of vendors—cloud providers, SaaS platforms, data processors and AI systems embedded directly into how work gets done. IBM reports that supply chain attacks have surged significantly in recent years, reflecting how deeply vendor dependencies now shape enterprise risk.

And yet most security strategies still start inside the organization.

Where Risk Actually Gets Decided

Cybersecurity typically shows up after the fact—after a system is deployed, after a vendor is onboarded, after data is already flowing.

But risk doesn’t start there. It starts much earlier, in decisions that don’t get labeled as security decisions at all. It’s in the moment a team selects a vendor to move faster. It’s in how much access that the vendor is given. It’s in how deeply that tool gets integrated into critical workflows.

I’ve seen this pattern play out repeatedly across organizations—what starts as a controlled vendor decision quietly turns into a critical dependency. A vendor is introduced for a narrow use case—limited scope, controlled access. Over time, it expands. It connects to additional systems, handles more sensitive data and becomes embedded in operations. No single step feels risky. But the accumulation is. By the time anyone pauses to reassess, the organization is no longer choosing that vendor—it’s depending on it.

The Myth That Vendor Risk Stays At The Edge

There’s still a tendency to think of third-party risk as something that can be contained at the boundary. That boundary doesn’t really exist anymore.

Vendors don’t stay external. They become operational. They sit inside workflows, handle core data and often have privileges that mirror internal systems. SecurityScorecard has found that nearly all organizations are connected to third parties that have already experienced a breach. That’s not an outlier—it’s the baseline.

What’s changed is not just the number of vendors but the depth of integration. When something breaks, it doesn’t show up as a vendor issue. It shows up as a business problem (downtime, data exposure, customer impact, etc.). And at that point, the organization has very little leverage to quickly reduce that dependency.

That’s where most teams realize the problem too late.

In practice, I’ve rarely seen these dependencies unwind easily once they reach that level of integration.​

The Function That Sees It First—And Gets Used Last

One of the most underutilized control points in cybersecurity today is procurement. It’s still treated as a transactional function that's focused on cost and contracts. In reality, it has one of the clearest views into how external dependencies are introduced and expanded across the business.

Procurement sees patterns early—how vendors are being adopted across teams, how contracts are structured and how access evolves over time. When it’s involved early, the conversation changes. It’s no longer just “Does this tool meet requirements?” It becomes “What happens if this becomes critical?” and “How easily can we exit this relationship?”

Those questions tend to surface later, when the answers are far more constrained.

There’s also a structural issue that doesn’t get enough attention: enforceability. Many organizations still report gaps in third-party risk management tied to weak or unclear contractual controls, as highlighted in Deloitte’s research. I’ve seen situations where risks were well understood internally, but the organization lacked the contractual leverage to act decisively.

At that point, awareness isn’t the problem. Control is.​

Speed Isn’t The Problem—Structure Is

It’s easy to blame speed, especially with how quickly AI tools are being adopted across organizations. But speed isn’t what’s breaking most environments. Lack of structure is.

In organizations with clear guardrails—standard vendor requirements, defined access models and consistent evaluation paths—teams move faster because they don’t have to renegotiate risk every time. Where things break down is when adoption is fast and unstructured. Tools get introduced outside formal processes. Data flows aren’t fully understood. Integrations stack on top of each other.

Most modern exposures stem from misconfigurations and unmanaged assets, many of which are introduced through third-party integrations, according to Palo Alto Networks. AI is accelerating this pattern by making it easier to adopt tools that process and move sensitive data without full visibility up front.

By the time these dependencies are discovered, they’re already embedded. At that point, you’re not governing risk—you’re working around it.

In my experience, this is where most organizations lose visibility—when adoption outpaces structure.​

Moving The Starting Point Of Cybersecurity

The organizations that are getting ahead of this aren’t necessarily the ones with the most tools or the largest budgets. They’re the ones that have shifted where cybersecurity begins.

They’ve moved the cybersecurity upstream—closer to the decisions that introduce risk in the first place. They’ve aligned vendor adoption with ​governance, instead of treating them as separate tracks that meet too late.

​​​In my experience, getting closer to those decisions starts with shifting from a reactive review role to an embedded one. Cybersecurity leaders should be involved earlier in vendor selection, architecture discussions and even budget approvals—not just final sign-offs. That means partnering closely with procurement and business teams, setting clear baseline requirements up front and making security part of how decisions are made, not something applied after. The goal isn’t to slow things down but to shape choices while they’re still flexible—when risk can actually be designed out, not just managed later.

Because cybersecurity doesn’t begin with a threat. It begins with a decision. And if your security strategy starts after a vendor is already embedded in your operations, you’re not managing risk—you’re inheriting it.


Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?