Third-party breaches are on the rise. According to a recent report by the Ponemon Institute, over 60% of US companies experienced a data breach caused by one of their third parties in 2018, up from 49% in 2016.
The consequences of such breaches can be devastating: Besides losing consumer confidence and loyalty, companies can face costly penalties for violation data privacy regulations. To prevent such cyber incidents, security professionals must demand that suppliers demonstrate and maintain a strong cyber posture.
What steps should you take to mitigate third-party security risk? Here are our top five recommendations:
1. Evaluate the supplier’s security posture
It’s important to consider security posture on the perimeter level, including CMS version, mail server, domain hijacking, SSL certificates and security technologies in place. Checking these systems will help uncover cyber gaps and vulnerabilities, giving you a good idea of a supplier’s overall cyber posture.
2. Remediate security gaps
Once security gaps have been identified, your suppliers should be expected to achieve a reasonable level of security. Be sure to engage with the supplier and pinpoint the issues so that they become aware of the problem, understand the issue and know how to fix it.
3. Secure supplier interaction
Take steps to secure interaction with suppliers you wish to work with that don’t have good security postures. This includes being more vigilant about the information being shared and how it is shared. For example, the demand and enforcement of data removal after a certain period or limited access to various systems.
4. Continuously monitor
Hackers constantly use new methods to exploit vulnerabilities and suppliers frequently add new assets and software that can create new cyber gaps. For these reasons, it’s essential to continuously monitor the cybersecurity posture of suppliers and receive live alerts on any significant changes. In case of a change, you should alert your supplier of these issues.
5. Minimize risk based on relationship
Consider minimizing data breach risk based on the relationship level that the company as with the supplier. For instance, a company might decide to sever all open network connections with the supplier while another company might add dedicated auditing for the supplier network communications.
Want to learn more about how Panorays can help your company minimize the risk of third-party breaches? Contact us today.