By The Recorded Future Team on June 13, 2019
For more than 80 years, Nationwide has helped protect people and the things they care about most. With more than 30,000 associates across the United States, the Fortune 100 company offers a wide range of services, including insurance and retirement planning, as well as investing and banking services.
We talked with Kirk Wyckoff, who leads Nationwide’s third-party information risk management team, as well as Anita Ritter, an information security specialist, and Mike Price, a threat intelligence team lead, about how threat intelligence from Recorded Future helps them save time and money while reducing risk across security functions.
Nationwide has embarked on an enterprise-wide digital transformation journey to drive efficiency, automate processes, and ensure it can continue to deliver a world-class customer experience for years to come. As the company has embraced modern technologies, its broad network of partners, contractors, and third-party suppliers has grown significantly. While these relationships help create business value, they also introduce new risks to the organization and increase the overall attack surface.
For years, the Nationwide third-party information risk management group had used a third-party risk management platform, but they struggled to maintain a clear and current view of their partners’ risk profiles. Wyckoff recounts:
“The platform’s data was often outdated and rarely refreshed. This meant that, for instance, if a company received a medium-to-high risk score of 67 during our initial due diligence, we couldn’t go back and see how that score was trending over time. We also didn’t have visibility into the specific events that impacted the company’s overall aggregate risk score.”
The team sought a better way to not only evaluate potential new suppliers — particularly around data sharing and protection practices for personally identifiable information (PII) — but also continuously assess and analyze risk across its existing third-party ecosystem. Wyckoff says, “We needed a solution that could provide a more contextualized and real-time view of third-party risk, backed by a company with a strong road map that we could rely on.”
After evaluating potential solutions, the Nationwide team selected Recorded Future’s Third-Party Risk module — part of its universal Threat Intelligence Platform — based on its broad set of external data sources, its ability to deliver real-time insights, and its cost-efficient price point.
The Third-Party Risk module helps the Nationwide team better understand, analyze, and rapidly address potential risks associated with third parties, including:
- Corporate emails, credentials, and company mentions found on the dark web
- Negative social media chatter
- Domain abuse (often indicative of phishing attacks)
- Use of vulnerable technologies
- IT infrastructure misuse or abuse
In addition to collecting and analyzing this threat data, Recorded Future’s Intelligence Cards give the Nationwide team a quick and up-to-date view of each organization’s risk profile. “I use Intelligence Cards every day,” says Ritter. “They provide valuable insights into the risk postures of the critical suppliers we do business with — from real-time risk scores and alerts to custom rules we’ve set — and allow us to drill deeper when needed.” And by prioritizing threat intelligence, the Recorded Future solution helps the team quickly rule out low-risk alerts and false positives, focus on the most significant threats, and take immediate action to resolve them.
“When it comes to third-party risk, we’re always trying to tie vulnerabilities back to specific services we know and use,” says Wyckoff. “Recorded Future helps us connect the dots so that when we do identify issues, we can quickly corroborate them, escalate information to our procurement team, alert the third-party supplier, and collaboratively address the situation to drive down risk or remove them from our approved vendor list when necessary.” And by using this intelligence for new vendor evaluations, the Nationwide team can require changes to security and data protection practices before engaging in a business relationship.
The Nationwide team estimates that Recorded Future has helped them reduce time spent on due diligence and reference checking by 50%. “Gone are the days of third-party risk evaluations with vendor questionnaires, Excel sheets, and screenshots,” says Wyckoff. “Recorded Future’s threat intelligence has enabled us to move away from a static, point-in-time approach to a continuous monitoring situation — because risk truly lies in the ongoing operations of a business.”
And enhanced threat intelligence hasn’t just benefited the third-party risk group — it is augmenting security and risk functions across the organization. Price says, “Recorded Future has helped us better prioritize third-party risk information and incorporate that into our broader cyber threat intelligence perspective. This enhanced threat intelligence has also helped to create and solidify relationships between our threat intelligence and the third-party risk groups, which ultimately helps us resolve incidents faster.”
According to Wyckoff, “Recorded Future gives us a greater level of confidence — it just feels more accurate. And it’s going to get better and better over time. We have a goal of shifting our team’s focus from 80% assessments to 80% monitoring. The Recorded Future solution is playing a critical role in making this a reality.”
The team also has plans to integrate the solution with existing security infrastructure such as Splunk to provide additional context, further centralize threat data, and gain a more complete picture of their corporate risk profile.