About Caroline McDonald

Caroline McDonald is a writer and former senior editor of the Risk Management Monitor and Risk Management magazine.
Immediate Gains Immediate Vault Immediate Access

Security Risks of Third-Party Vendor Relationships

Most organizations are heavily reliant on third-party vendors for a large component of their business. According to Deloitte, a typical Fortune 500 company may use more than 100,000 external third-parties—including vendors, suppliers, service providers, and outsourcers—to meet its business objectives and stay competitive. With these added relationships, however, come higher exposures to security risks including data breaches and cyberattacks.

Riskonnect offers insight into some of the risks companies face when doing business with third-parties:

Hurricane Florence Losses Estimated at $2.5 Billion

Now a tropical depression, Florence hovered primarily over North and South Carolina over the weekend, dumping record-breaking rainfall in those states and killing at least 17 people. Remnants of the system are heading north, bringing rain through Tuesday.

The storm made landfall near Wrightsville Beach, N.C. on Sept. 14, causing more than one million power failures and at least 16 deaths over the weekend, according to the New York Times. Tropical Depression Florence slowly flooded cities, endangering communities from the coastline to the mountains, and requiring more than 1,000 rescues.

Karen Clark & Company (KCC) estimates that insured losses from Hurricane Florence will be $2.5 billion, which includes the privately insured wind, storm surge, and inland flooding damage to residential, commercial, and industrial properties and automobiles, but does not include National Flood Insurance Program losses.

KCC reports:

On Sept. 14, Florence made landfall in North Carolina with maximum sustained wind speeds around 90 mph. As the storm slowly passed southwest over South Carolina on Sept. 15, the hurricane weakened to a tropical storm and made a wide turn to the north. By Sept. 16, Florence had become a tropical depression in northeastern South Carolina.

Peak surge from Hurricane Florence reached 10 feet in New Bern, North Carolina, and other areas of the state including Beaufort and Wilmington had significant storm surge impacts. Locations at the heads of shallow bays, where the water is more easily pushed ashore by a hurricane’s high wind speeds, experienced the most coastal inundation.

Although this storm is winding down, there may be more to come. “We’re now in the peak of hurricane season, and the season still has a long way to go,” Dr. Gerry Bell, lead seasonal hurricane forecaster for the National Oceanic and Atmospheric Administration told the Times. He added, “There will be more storms—that’s a definite. Where exactly they track, and when or if they’ll make landfall—that’s what’s not predictable this far in advance.”

Florence Highlights
▪Made landfall near Wrightsville Beach, North Carolina, with Category 1 wind speeds

▪Reached peak intensity of 140 mph on Sept. 10, but weakened before impacting the U.S. coast and spared the Carolinas from major hurricane impacts

▪Expected intensification to a Category 5 hurricane did not occur

▪Slow forward speed decreased to 6 mph prior to landfall and reached as low as 2 mph once inland

▪Brought heavy precipitation in excess of 30 inches to parts of North Carolina

▪Peak storm surge reached 10 feet in New Bern, North Carolina

Structures in Wildland Urban Interface Present Added Fire Risks

The trend of building homes in isolated wooded areas has been increasing across the United States. This urbanization of woodlands has changed the way forests are managed. Small wildfires that were once allowed to burn out are now suppressed to protect homes and buildings. Added to this are drought conditions exacerbated by climate change. All of these factors have increased the likelihood of wildfires.

The United States Forest Service (USFS) notes that 32% of the housing units in the U.S. and one-tenth of all land with housing are situated in the Wildland-Urban Interface (WUI). The largest cost driver for both Federal and State wildfire suppression operations is the protection of public and private property in the WUI, according to the USFS.

The “Wildland-Urban Interface Federal Risk Mitigation Executive Order 13728,” released in 2016 by the Federal Emergency Management Agency (FEMA), reported that:

In 2015 alone, more than 10 million acres of wildlands burned, requiring the service of more than 27,000 firefighters and resulting in $2.1 billion spent by the USFS and the Department of the Interior (DOI) to suppress the fires—a record amount. Over the last decade, the fire season has become 2.5 months longer, and fires covering more than 10,000 acres increased, with the average area burned by wildland fires doubling in the last three decades to an estimated seven million acres per year.

This year, more records were broken. In California, the Mendocino Complex Fire became the largest wildfire ever recorded in the state, according to the California Department of Forestry and Fire Protection, or Cal Fire.

According to FEMA, 46 million homes in 70,000 communities are at risk of WUI fires, which have destroyed an average of 3,000 structures annually over the past decade. As more people move into the WUI, businesses follow, putting organizations and jobs at risk.

To protect structures from fire, especially those in the WUI, the Insurance Institute for Business & Home Safety (IBHS) recommends that protection should take into account for a building’s materials and design features—as well as the selection, location and maintenance of landscape plants, including grasses, shrubs, bushes and trees.

According to IBHS, a defensible space should be maintained around a building to reduce wildfire threat and help a building to survive without assistance from firefighters. A vegetation management plan (VMP) also needs to be put in place, particularly in WUI areas. A VMP provides important information about the land, such as:

  • Topography (slope and aspect)
  • Location of building(s) on the land
  • Proposed fuel treatment details (suggested actions such as thinning and prescribed burning to minimize wildfire risks)
  • Environmental concerns (such as threatened and endangered species, state-listed sensitive species and wetlands)

The VMP also provides detailed information on how the three defensible space zones will be developed and maintained. When developing a VMP, IBHS recommends consulting a landscape professional such as a forester, range manager, or natural resource specialist.

IBHS recommends creating three defined areas around a building called defensible space zones. Each zone has specific recommendations for the types of plants used, including how they should be grouped and maintained.

Body Scanners Installed in L.A., Tested in Other Locations

Security scanners that screen passengers entering stations and terminals are being tested around the country and have been installed in subway stations in Los Angeles. The Associated Press reported that the machines scan for both metallic and non-metallic objects. They can detect suspicious items from a distance of 30 feet and are capable of scanning more than 2,000 passengers per hour. About 150,000 passengers ride on the Metro’s Red Line daily and the subway system counted more than 112 million rides last year, the AP said.

The New York Times reported that the federal government has been studying the technology for 15 years. The Transportation Security Administration (TSA) partnered with the Los Angeles transit agency on the project, helping the agency test and vet security technologies. The devices purchased are made by the company Thruvision and can be placed at locations throughout the transit system, officials said.

According to the Times:

Officials in Los Angeles said that riders need not worry that their morning commute would turn into the sort of security nightmare often found at airports or even sporting events. The portable screening devices, which will be deployed later this year, will “quickly and unobtrusively” screen riders without revealing their anatomy and without forcing them to line up or stop walking, they said.

“We’re looking specifically for weapons that have the ability to cause a mass casualty event,” Alex Wiggins, the chief security and law enforcement officer for the Los Angeles County Metropolitan Transportation Authority, said Tuesday. “We’re looking for explosive vests, we’re looking for assault rifles. We’re not necessarily looking for smaller weapons that don’t have the ability to inflict mass casualties.”

On Aug. 14 the scanners were tested in the Port Authority Bus Terminal in Manhattan, where in December a man set off a crude pipe bomb in an underground subway passageway, injuring himself. It is estimated that the Port Authority serves about 8,000 buses and 225,000 commuters daily.

As the Risk Management Monitor reported, the TSA also tested body scanners in New York’s Penn Station in Manhattan in February and has conducted tests at Union Station in Washington, D.C., and at a New Jersey Transit station during Super Bowl XLVIII, the AP said.