To better manage cybersecurity risks, extend zero trust principles to third parties.


In the modern cybersecurity landscape, an agile and data-driven risk management strategy is required to combat the ever-expanding third-party attack surface.


When a business outsources services by sharing data and network access, it inherits cyber risk from its suppliers: their employees, processes, technology, and each supplier's own third parties. A typical enterprise works with about 5900 third parties on average, which means companies face huge risk no matter how well they cover their own bases.

For example, 81 separate third-party incidents resulted in more than 200 publicly disclosed breaches and thousands of ripple-effect breaches during 2021, according to a data report from Black Kite.


The current, purely external approach to third-party risk management is inadequate. Instead, the industry needs to move to a new approach to third-party risk management that goes beyond external assessments. In particular, enterprises should establish zero trust principles for all vendors, assess the risks of external and internal assets through internal assessment, and measure cyber risk in real time.

The zero trust principle, "never trust, always verify," is widely used to manage the internal environment, and organizations should extend this concept to third-party risk management.

To do this, businesses must treat suppliers as part of their own business.

Impending Threat

The amount of data and business-critical information that a single enterprise shares with its suppliers is staggering. For example, a company may share intellectual property with manufacturing partners, store protected health information (PHI) on cloud servers for delivery to insurance companies, and give marketing agencies access to customer data and personally identifiable information (PII).

This is just the tip of the iceberg, and most companies don't know how big the iceberg really is. In a survey conducted by the Ponemon Institute, 51% of the companies surveyed said they do not assess the cyber risk of third parties before granting them access to confidential information. What's more, 63% of the companies surveyed said they had no knowledge of what data and system configurations vendors can access, why they have access, who holds the permissions, and how the data is stored and shared.

This vast network of businesses exchanging information in real time creates a vast attack surface that is becoming increasingly difficult to manage. To address this problem, enterprises are using measures such as questionnaire-based surveys and security rating services in their third-party risk management strategies.

While these tools have specific use cases, they also have severe limitations.

Cybersecurity rating services are a fast and cost-effective approach to third-party risk assessment. Their simplicity, representing a provider's cyber risk as a single score much like a credit score in financial services, makes them a popular choice despite their limitations.
