Page 175 - Cyber Defense eMagazine April 2023

            Technology research and consulting firm Gartner predicts that by the year 2025, at least 45% of
            organizations worldwide will be impacted by supply chain attacks.

            Companies on the receiving end of such attacks lose millions of dollars for incidents that are outside of
            their direct control. Moreover, each data breach severely damages the organization's reputation.
            According to data collected by the National Cybersecurity Alliance, up to 60% of small businesses go
            out of business and file for bankruptcy within 6 months of suffering a data breach or other
            cybersecurity incident.

            Given the growing threat of third-party cyber security risk, companies must have a well-planned
            strategy to mitigate it.



            Third-party Cyber Security Risk Management - 5 Best Practices

            An effective third-party cyber security risk management strategy involves assessing the potential risks
            associated with each third-party relationship, implementing appropriate controls and safeguards, and
            continuously monitoring for potential vulnerabilities and threats.

            Here are 5 best practices that your organization should adopt to minimize potential security vulnerabilities
            and threats that arise from the use of third-party vendors, suppliers, or partners who have access to your
            business's systems, data, or network.



            Assess the security measures implemented by your vendors

            The recent Gartner report suggests that over 80% of businesses could identify third-party risk only after
            initial onboarding and due diligence. It shows that the traditional assessment method fails to detect new
            and evolving cyber security threats. You must update your due diligence process in order to identify all
            the risk factors.

            Before entering into a contract with a vendor, service provider, or any other third-party entity, make sure
            you fully understand their security protocols. If their security policy document lacks transparency,
            ask pertinent questions to ensure you know what security measures they implement to protect their
            systems. Assess the vendor’s security testing to confirm the company has an effective detection
            and response plan. Also, enquire about past cyber security incidents experienced by the vendor and
            how those incidents impacted their clients.




            Establish clear security requirements in contracts

            A company's security requirements depend on its risk tolerance level. It is important to
            communicate your security expectations to your vendors. Establish clear security requirements for
            all third-party vendors, including data security and privacy standards, incident response protocols, and






