Best Practices for Evaluating and Vetting Third Parties

The global and interconnected nature of business today means that no company or organization is an island. Every modern business relies on many others, either as part of the supply or distribution chain, or for value-added services like accounting and social media marketing. 


But engaging a third party adds risk, especially if that company is given some level of access to network and computing resources, or is asked to handle and protect critical or proprietary information. Attackers may not need to breach a well-protected internal server if a third party holds the same information and does not protect it to the degree the organization deems necessary. If a third party is given some level of trusted access to internal networks, it may be easier for an attacker to compromise the third party and then use that access to “legitimately” enter the network containing the data they want to steal.


If the fates of companies like Delta, Best Buy, Target and so many others tell us anything, it’s that good internal security, while critical, is no longer enough. In fact, a 2018 study from Ponemon found that more than half of the breaches in the United States are now due to third parties. Full protection requires a solid Third-Party Cyber Risk Management (TPCRM) program. Ultimately, it is vital for organizations to manage risk across their entire portfolio or ecosystem: first identify which vendors pose the most risk, then apply the appropriate level of due diligence to them. Organizations also need to ensure that their due diligence provides them with actionable insights ..
