How Real-Time News Data Augments Third-Party Risk Intelligence

Posted on March 7, 2021 by Ran Geva

read the article

Global enterprises in our interconnected world today cannot exist without third parties. They give enterprises access to specific skills and expertise unmatched in the industry.  They also allow them to scale to reach targets and geographic regions they wouldn’t be able to on their own. 

But with these opportunities come costs. More third party vendors means more susceptibility to risk. Not only have third party risks today increased, they’ve also widened in scope. Once limited to reputational risk or brand monitoring, the definition today has broadened. Operational, technology, and supply chain risks are now constant threats to an enterprise. 

Fortunately, third-party risk monitoring systems are in place to monitor these risks. 

Unfortunately, many organizations don’t feel their systems are successfully monitoring these third-party risks.

Why do global enterprises continue to struggle with third-party risk management? And how can external sources such as news data or a designated news API to help them meet these challenges?  

1) It is difficult to get access to high-quality third-party data

Enterprises today have limited access to third-party internal data:  According to a recent Deloitte survey, this is a challenge for enterprises regardless of the specific industry.

That’s because enterprises don’t have the same access to internal data with their third-parties as they do with customers. They also don’t have the same monetary incentives to motivate their third parties to offer them data. So it’s crucial that third-party risk management consider new data sources, like news data.  

A brand’s reputational risk can be suddenly harmed by adverse media or past and pending lawsuits. Monitoring these types of news items continuously can help mitigate third-party threats. 

Here’s a query that you could use to find adverse media related to the Nikon brand entity. 

article.organization.negative:nikon

Geographic disasters, terrorist attacks, or political instability also contribute to third-party risk. They can quickly cause increased risk to a brand’s operational or supply chain.

Here’s a query that helps third-party risk monitoring identify travel risks associated with third parties. This query from Webhose’s Enriched News API  finds news indicating emerging threats in a particular location. In this case, it’s Abuja, the capital of Nigeria.

article.category:(disaster OR accident OR security OR “social problems” OR conflict) AND article.location:”Abuja” AND sentiment.irony:false AND sentiment.polarity:(negative OR “strong negative”)

These are just a few examples of queries organizations can use for monitoring their third-party risk in real-time.

2) The categories and types of third-party risk are continuously expanding 

Not only are the number of risks increasing for global enterprises, but the type and categories of risk are also broadening in their scope. Take, for example, the sudden expansion of third-party risk during the global pandemic.  Supply chains were interrupted, cybersecurity threats increased, and just-in-time delivery services meant that minimal supplies were in stock.

Third-party risk management software needs to be able to quickly filter through only the most relevant data. This will help them quickly expand their search even as the definition and scope of risk expands. 

Here is a query from Webhose’s Enriched News API that helps monitor cyberthreats related to third parties. The query enables you to quickly add more categories and types of cybersecurity risks for businesses in this industry.

article.category:ransomware OR cyberattack OR “data breach” OR “data leak” OR PII OR “personal identifiable information” OR malware OR hacking OR cybersecurity OR “digital risk protection” OR infosecurity article AND article organization.negative: (Netflix OR Disney OR Apple OR AT&T)

Tip: You can combine these open source queries with dark web monitoring for more holistic third-party risk management.

Regulation is another area in which the type and category of risk are constantly evolving. 

Here’s an example of a query searching for the latest regulations affecting Alibaba, AliExpress, HKTCS or DHgate. These companies are known as top Chinese website sourcing companies.

article.category:(regulation OR sanction OR legislation OR edict OR law OR code) AND (alibaba OR HKTCS OR DHgate OR AliExpress)

Enterprises have to stay on top of regulations and cyberthreats, even as they constantly evolve. These are just two examples of evolving third-party threats that enterprises need to monitor. Monitoring external sources like news data can help alert enterprises of impending regulatory risk.

3) The nature of third-party risk assessment is dynamic

The majority of risks aren’t measured by a particular incident or point, but are an evolving set of data points on a spectrum. The level of risk is also dynamic and can change over a period of time. Fortunately, third party risk assessment today has evolved into continuous monitoring of threats. That means enterprises need continuous access to high-quality data to identify risks in real-time.

Take the process of due diligence, for example. It’s crucial for financial companies that need to comply with regulations.  Due diligence is often a long and complex process for companies. The time and energy put into the beginning of the process is often neglected as the business relationship continues.As we’ve mentioned, enterprises don’t have access to the internal data like the due diligence process of their third parties. That means they’ll need to go to external sources for risk monitoring. Lawsuits, negative media, sanctions, watchlists, and politically exposed persons (PEPs), can all affect third-party risk.   Being able to monitor these types of news articles in real-time can help determine the risk scoring for different third parties as events evolve.

Here’s an example of how a query can discover the recent sanctions on Russia. These sanctions could affect various other companies and subsidiaries. 

article.category: (economic sanction OR “crime, law and justice” OR law enforcement OR crime) AND (“Rostec” OR “Solar Winds” OR Fortuna OR “Nord Stream 2”)

Webhose’s Enriched News API enables the continuous collection, structure, and enrichment of news data in real-time. These are just a few of the types of queries that allow enterprises to continuously monitor and identify third-party risk. 

A Ready-Made News Feed for Ever-Evolving Risk

The average enterprise today uses hundreds of third party services. As a result of this increased reliance, third party risk monitoring has now become more crucial than ever. 

Fortunately, third party risk management is now iterative, instead of calculating risk of specific points in time. It’s also expanding to include real-time data that includes external sources like news data. And it’s redefining its scope of risk.

Webhose’s NLP-enriched news data offers a way to access this type of high quality external data. It sifts through tens of thousands of news articles in real-time with filters, classifying them into over 200 categories. It can also recognize different types of sentiment of news data, both on a document and entity level. 

Webhose’s customized, ready-made Enriched News API can also be quickly integrated into any software with a plug and play integration. All of these features help enterprises ensure that their third parties give them far more opportunities than risks.

Learn more about Webhose’s Enriched News API smart entity extraction and plug and play search capabilities here