Ahmed Afifi
Cybersecurity GRC Head
SPARK Engineering Consultants
Cybersecurity GRC Head with 14+ years in banking, telecom, and consulting, driving risk, compliance, and regulatory alignment with ISO 27001, NCA ECC, PCI DSS, and PDPL. Awards include CISO Rising Star and Vodafone Think Agile; frequent TEDx and PECB speaker.
Speaker sessions
From Assessments to Incidents: The Real Face of Third-Party Risk in Financial and Government Supply Chains
Despite widespread adoption of third-party risk assessments, breaches stemming from vendors are still rising. This session explores the critical misalignments between third-party governance frameworks and real-world threat activity, particularly in highly regulated sectors such as banking, fintech, and government contracting. Drawing on 13 years of cybersecurity GRC experience and recent forensic investigations, the presentation breaks down the anatomy of actual incidents that bypassed "compliant" vendor checks.

We'll dissect how overreliance on checklist audits, misclassified criticality tiers, and weak contract clauses allow risky suppliers to persist. Using anonymized case studies, we trace the chain of exploitation, from initial compromise in a vendor's SaaS tool to downstream data exposure and regulatory fines for the primary organization.

The session provides a maturity-aligned methodology for third-party cyber risk management that goes beyond surface-level due diligence. Key frameworks referenced will include NIST 800-161, ISO 27036, and country-specific mandates such as Saudi Arabia's NCA ECC and Egypt's CBE cybersecurity standards.

Attendees will gain insights on evolving threat modeling to factor in vendor behavior, conducting breach-driven reassessments, and building response plans that include third-party scenarios.
Thu 04 Dec, 13:00
Stage:
Briefings 1
Sessions Type:
Presentation