ExtraMile by SecureITWorld assesses the latest security threats businesses face and the robust strategies that can help overcome them. In each edition, top industry voices and experts join us to share their viewpoints on the changing tech and cybersecurity environments.
For today’s Q&A session, we are super excited to host Ferhat Dikbiyik, the Chief Research and Intelligence Officer of the leading cyber risk intelligence provider, Black Kite. The firm offers a real-time view of changing cyber risk dynamics, enabling companies to make informed security decisions.
Ferhat leads research on cyber risk assessment, cyber data analysis, the major strategies adopted by cybercriminals, and more. He also looks after Black Kite’s platform, enhancing its ML algorithms. In this discussion, Ferhat shares his journey in cybersecurity research and talks about Black Kite’s Adversary Susceptibility Index (ASI), the importance of real-time data, third-party risk management, and more.
Join us in exploring the current dynamics of cybersecurity and the future of cyber risk intelligence.
Welcome, Ferhat; it’s a pleasure to host you today!
1. With over a decade of contribution to cybersecurity research, data analysis, and project management, you have been addressing real-world challenges. Walk us through your journey so far.
Ferhat. "My path began in academia, where I earned a PhD at UC Davis working on disaster risks to telecom networks, including large-scale cyberattacks. That’s where I discovered the power of data-driven approaches to complex problems. Even as a professor, I kept exploring how to recover from cyberattacks on critical infrastructure.
When I connected with the founders of Black Kite, their focus on third-party cyber risk immediately resonated with me. Organizations are no longer just defending their own networks—they’re exposed through every partner and vendor. What inspired me was the chance to bring data science and threat intelligence together to solve that real-world challenge.
Since then, my work has been about measuring cyber risk in a way that makes sense for business leaders: understanding how threat actors operate, how victims are chosen, and how third-party ecosystems create hidden vulnerabilities. At Black Kite, as Chief Research & Intelligence Officer, my team and I have focused on turning research into actionable intelligence so companies can make faster, smarter decisions about their vendors."
2. Black Kite is a leading provider of cyber risk intelligence and management. Tell us about your key roles and responsibilities at the company as its CRIO.
Ferhat. "As Chief Research & Intelligence Officer, I view my role as ensuring that the intelligence we produce effectively helps companies address real-world problems. At Black Kite, that means a few things.
First, I lead the team that tracks how threat actors operate—especially ransomware groups—and how they pick their victims. That gives us a real-world view of where risks are coming from.
Second, I oversee the models we’ve built to measure third-party cyber risk, like our Ransomware Susceptibility Index, Adversary Susceptibility Index, and FocusTags (the risk intelligence for high-profile incidents). My role is to make sure those aren’t just academic models but reflect how attacks really unfold.
And third, I focus on turning research into something customers can act on. It’s not enough to identify a risk—we need to show companies what it means for their vendors and what steps they can take.
So in short, I bridge the research side with the business side, helping organizations see the risks in their supply chain and make faster, smarter decisions before an incident happens."
3. The firm has recently introduced the Adversary Susceptibility Index (ASI) to integrate threat actor intelligence in TPRM. What are the key features and benefits of this advancement?
Ferhat. "The Adversary Susceptibility Index, or ASI, is our latest step in bringing threat actor intelligence directly into third-party risk management. Traditional TPRM tools often look only at the surface—things like patching or configurations. But attackers don’t think that way. They choose their victims based on opportunity, weakness, and payoff.
ASI is really the next step in how we integrate threat intelligence into third-party risk management. Four years ago, we launched the Ransomware Susceptibility Index, or RSI, which has shown a strong correlation with real ransomware incidents. RSI helps answer the question: who in my vendor ecosystem is susceptible to a ransomware attack?
ASI takes that success and pivots the lens. Instead of just asking who is susceptible, it asks susceptible to who? In other words, it measures how visible a company is to a specific threat actor based on how those groups operate and what they look for in their targets.
The benefit is precision. Companies don’t just see a general level of cyber risk—they see which vendors are likely to attract the attention of which adversaries. That makes it much easier to prioritize defenses and resources where they matter most."
4. Ransomware has been a major threat for businesses around the world. Why do you think risks like ransomware are evolving, and what are the mitigatory tactics for this?
Ferhat. "Ransomware keeps evolving because the groups behind it operate more like startups than criminals hiding in the shadows. They adapt quickly, share infrastructure, outsource skills, and constantly test new tactics. In our latest 2025 Ransomware Report - How Ransomware Wars Threaten Third-Party Cyber Ecosystems, we’ve seen groups collapse and re-form, affiliates jump between syndicates, and new techniques like supply chain attacks becoming more common. It’s an ecosystem that learns fast, which is why the risk never stays still.
Mitigation has to be just as dynamic. The basics still matter, e.g., patching, backups, multifactor authentication, but those alone aren’t enough. Companies also need to understand how they look to an attacker. That means measuring susceptibility, monitoring third-party vendors who can open a backdoor, and practicing rapid response. The organizations that do best are the ones that don’t just defend reactively, but anticipate how they might be targeted and prepare for it."
5. What is the importance of zero-trust security and multi-factor authentication in strengthening the cybersecurity frameworks within organizations?
Ferhat. "Zero-trust and multi-factor authentication are two of the most practical ways organizations can strengthen their defenses. Zero-trust flips the old idea of ‘trust but verify’ into ‘never trust, always verify.’ It means every user, device, and connection has to prove itself every time, which makes it much harder for attackers to move around if they do get in.
Multi-factor authentication is a simple but powerful layer on top of that. Most breaches still start with stolen or guessed credentials. MFA breaks that chain by requiring more than just a password—whether it’s a code, a token, or biometrics.
Together, they close the easy doors attackers often exploit. It’s not about building a perfect wall, but about making sure every step an attacker takes requires effort, increases their risk of detection, and buys defenders time to respond."
6. According to you, how is AI transforming third-party risk management (TPRM) solutions? What are the major challenges to look for while integrating AI into TPRM?
Ferhat. "AI is already transforming third-party risk management by helping organizations see patterns that humans alone would miss. It can analyze vast amounts of vendor data, threat intelligence, and incident reports, and then surface the risks that really matter. Instead of just reacting to questionnaires or compliance checklists, AI allows TPRM teams to be more proactive—spotting early warning signs, predicting which vendors might be targeted, and even automating parts of the monitoring process.
That said, there are challenges. The first is data quality. AI is only as good as the data it learns from, so inaccurate or incomplete vendor data can create blind spots. The second is explainability—if a model flags a vendor as high risk, risk managers and executives need to understand why so they can act confidently. And finally, there’s the risk of over-reliance—AI should augment human judgment, not replace it.
So, AI is a powerful enabler in TPRM, but the key is to integrate it responsibly: ensuring transparency, grounding it in strong data, and keeping people in the loop."
7. What is the significance of real-time data in cyber risk intelligence? How do you collect appropriate data and transform it into actionable insights in this regard?
Ferhat. "Real-time data is critical because attackers move fast. If you’re relying on static assessments, you’ll always be behind. We saw this clearly in the recent Salesloft–Drift incident: a single compromised integration and stolen OAuth tokens gave attackers access not only to Salesforce, but also to connected downstream systems. Without real-time monitoring, that kind of exposure can go unnoticed until it’s too late.
At Black Kite, we collect data continuously, from threat actor behavior to vendor exposures and third-party integrations, and then transform it into context that risk managers can act on. That means not just flagging a vulnerability, but showing whether it’s the kind of weakness a threat actor would actually exploit, and what the potential blast radius could be.
The benefit of real-time intelligence is simple: it shortens attacker dwell time and gives companies a chance to contain incidents before they escalate."
8. What role do cybersecurity leaders play in highlighting the importance of cybersecurity among organizations? What is your approach to this?
Ferhat. "Cybersecurity leaders play a critical role in making risk visible to the business. It’s not just about technical defenses; it’s about showing executives and boards how cyber threats connect to operations, reputation, and even revenue. If leaders don’t make that link clear, cybersecurity is often treated as an IT issue rather than a business priority.
My own approach is to keep it simple and data-driven. I strive to translate complex intelligence into language that decision-makers can act on, whether that’s explaining why a ransomware group might target a vendor or illustrating what a third-party incident could mean for customer trust. At Black Kite, that’s exactly what we focus on: turning research into actionable insights that help organizations make faster, smarter risk decisions.
At the end of the day, our job as cybersecurity leaders is to bridge the gap, helping the business understand the risks in plain terms and providing a clear path to address them."