
    10 Ways Enterprises Can Limit Third-Party Cyber-Risk

    By CHRIS PREIMESBERGER - February 8, 2017

      1 - 10 Ways Enterprises Can Limit Third-Party Cyber-Risk

      To compete in a global marketplace, enterprises increasingly are moving their business processes and other services to the cloud and outside suppliers. This trend has created many more attack surfaces for cyber-criminals. According to industry analysts, nearly two-thirds of major breaches involve a third party. Complex supply chains amplify this cyber-risk. As enterprise digital ecosystems expand beyond the traditional boundaries of their organizations, reducing risk from third parties becomes a high priority. What are the key steps enterprises of any size should take to reduce their risk from third-party data breaches? In this eWEEK slide show, primary industry information comes from CyberGRX CEO Fred Kneip, a former head of compliance and security at Bridgewater Associates and principal at McKinsey & Co., whose company makes a risk-management platform.

      2 - Recognize That Third Parties Include More Than Vendors

      Start with vendors, but know that third parties also include suppliers, joint venture affiliates, subsidiaries and customers. Third parties are any organizations that connect with the network or with whom information is shared.

      3 - Evaluate Third Parties Based on Risk, Not Total Spend

      Determine the extent to which your organization shares confidential information. What type of connections does it have with third parties? A company may spend more with its cafeteria supplier than its back-end server maintenance company, but the server maintenance company deals with more confidential information, so it can pose a greater risk.

      4 - Consider Security in Third-Party Selection

      Too often, security is left out of the vetting process of potential providers. This can lead to last-minute assessments to meet deal deadlines or using providers with poor security practices because “we are already so far along.” Incorporating security requirements into the initial vetting process will limit any negative outcomes later.

      5 - Regulatory Compliance Does Not Mean Risk Management

      Security can’t only be about meeting minimum regulatory standards. Events within the security world change constantly, and regulations take time to catch up. For example, most regulations today don’t account for ransomware, yet organizations need to be prepared for ransomware attacks.

      6 - Require Ongoing Maintenance of Third Parties

      A once-a-year security review will not suffice in the current threat landscape, which is constantly changing and creating new risks to the enterprise. Organizations need a dashboard in place that provides up-to-date risk analyses.

      7 - Follow Through on Contractual Commitments

      It’s critical that companies follow up with their third parties to confirm that any changes required in the contract have been made. If your third party is contracted to check logs periodically or to have encryption by default on all laptops, it’s up to you to ensure those obligations are met.

      8 - Practice Open Communication

      Modern third-party cyber-risk management (TPCRM) programs require continuous, open communication between the large enterprise and its partners. A TPCRM program should be mutually beneficial, with each party involved in the other’s progress. Successful security programs and TPCRM require true collaboration.

      9 - Educate Your Team

      Make sure the business leaders in your organization, including the board of directors, understand the risks of third-party relationships. Have larger conversations about informed risk assumption and the need to remove the perception of security as a blocker to business. All business decisions must be made with a comprehensive understanding of the risks involved.

      10 - Be Prepared to Answer the Important Question

      At some point, your board of directors will ask which of your third parties pose the greatest risk to your organization, based on today’s threat landscape. To answer this question, you need a dashboard view of your entire digital ecosystem, including all its assessments, to map threat intelligence.

      11 - Streamline Your Response Process to Assessment Requests

      Since no standardized cyber-risk assessment exists currently, companies must complete risk assessments for each of their third-party providers. To reduce the number of individual assessments that you have to complete, try to develop an assessment process that works for your own organization and that multiple third parties will accept, enabling your company to share updated security information continuously.
