    10 Ways Enterprises Can Limit Third-Party Cyber-Risk

    By
    Chris Preimesberger
    -
    February 8, 2017
      1 - 10 Ways Enterprises Can Limit Third-Party Cyber-Risk

      To compete in a global marketplace, enterprises increasingly are moving their business processes and other services to the cloud and outside suppliers. This trend has created many more attack surfaces for cyber-criminals. According to industry analysts, nearly two-thirds of major breaches involve a third party. Complex supply chains amplify this cyber-risk. As enterprise digital ecosystems expand beyond the traditional boundaries of their organizations, reducing risk from third parties becomes a high priority. What are the key steps enterprises of any size should take to reduce their risk from third-party data breaches? In this eWEEK slide show, primary industry information comes from CyberGRX CEO Fred Kneip, a former head of compliance and security at Bridgewater Associates and principal at McKinsey & Co., whose company makes a risk-management platform.

      2 - Recognize That Third Parties Include More Than Vendors

      Start with vendors, but know that third parties also include suppliers, joint venture affiliates, subsidiaries and customers. Third parties are any organizations that connect with the network or with whom information is shared.

      3 - Evaluate Third Parties Based on Risk, Not Total Spend

      Determine the extent to which your organization shares confidential information. What type of connections does it have with third parties? A company may spend more with its cafeteria supplier than its back-end server maintenance company, but the server maintenance company deals with more confidential information, so it can pose a greater risk.

      4 - Consider Security in Third-Party Selection

      Too often, security is left out of the vetting process of potential providers. This can lead to last-minute assessments to meet deal deadlines or using providers with poor security practices because “we are already so far along.” Incorporating security requirements into the initial vetting process will limit any negative outcomes later.

      5 - Regulatory Compliance Does Not Mean Risk Management

      Security can’t only be about meeting minimum regulatory standards. Events within the security world change constantly, and regulations take time to catch up. For example, most regulations today don’t account for ransomware, yet organizations need to be prepared for ransomware attacks.

      6 - Require Ongoing Maintenance of Third Parties

      A once-a-year security review will not suffice in the current threat landscape, which is constantly changing and creating new risks to the enterprise. Organizations need a dashboard in place that provides up-to-date risk analyses.

      7 - Follow Through on Contractual Commitments

      It’s critical that companies follow up with their third parties to confirm that any changes required in the contract have been made. If your third party is contracted to check logs periodically or have encryption by default on all laptops, it’s up to you to ensure those obligations are met.

      8 - Practice Open Communication

      Modern third-party cyber-risk management (TPCRM) programs require continuous, open communication between the large enterprise and its partners. A TPCRM program should be mutually beneficial, with each party involved in the other’s progress. Successful security programs and TPCRM require true collaboration.

      9 - Educate Your Team

      Make sure the business leaders in your organization, including the board of directors, understand the risks of third-party relationships. Have larger conversations about informed risk assumption and the need to remove the perception of security as a blocker to business. All business decisions must be made with a comprehensive understanding of the risks involved.

      10 - Be Prepared to Answer the Important Question

      At some point, your board of directors will ask which of your third parties pose the greatest risk to your organization, based on today’s threat landscape. To answer this question, you need a dashboard view of your entire digital ecosystem, including all its assessments, to map threat intelligence.

      11 - Streamline Your Response Process to Assessment Requests

      Since no standardized cyber-risk assessment currently exists, companies must complete risk assessments for each of their third-party providers. To reduce the number of individual assessments that you have to complete, try to develop an assessment process that works for your own organization and that multiple third parties will accept, enabling your company to share updated security information continuously.
