What is third-party risk and how to mitigate it?
The rapid increase in digital third-party relationships contributes to escalated cyber risk. With service outsourcing, companies need to grant access to the system to partners or organization’s supply-chain, which puts confidential business information, financial transactions and sensitive employee and customer data at risk.
The problem is not new , Target is just one of countless examples. In 2013, Target’s security breach occurred from e-mails sent to Fazio Mechanical, one of the companies affiliated with Target, that lead to the leak of 70 million customer data and 40 million bank information. Year after year, companies are exposed to more risks from their business relationships, weakened by poor safety standards of other companies.
According to the Ninth Annual Cost of Cybercrime Study (Accenture, 2019),
61% of organizations have experienced an IoT security incident and 67% observed an increase in security breaches in the last five years. Another shocking fact is that over half of all companies have experienced a third-party breach yet only 16% are able to mitigate those risks (Ponemon Institute. Data Risk in the Third-Party Ecosystem. 2018).
This type of threat is not always malicious. Most of the time, it is caused by negligent behavior. According to a recent report conducted by the Ponemon Institute, negligent behavior is the most costly to companies annually, even though its cost per incident is lower. On the other hand, criminal behavior is less frequent, although it costs approximately 3x more per incident.
The problem involves the entire company, since relations with third parties are present in services that involve logistics, sales, customer support, marketing, among many others. In addition, each company has a partner management model. Thus, the solution needs to be adaptable to different realities.
How to manage your business relationships securely?
In order to avoid commercial relations problems with third parties, the company needs to adopt strict security standards, which involve the choice of its partners and their cyber security management. Compliance and security standards must also be extended to third-party companies.
The Ponemon Institute's “Data Risk in the Third-Party Ecosystem” analyzed companies that were successful in avoiding the third-party data breach and named best practices to reduce incidence of third-party data breaches:
* Evaluation of the security and privacy practices of all third parties
* An inventory of all third parties with whom you share information
* Frequent review of third-party management policies and programs
* Third party notification when data is shared with Nth parties
* Oversight by the board of directors
To meet these protocols effectively, we need to have the support of technology. There are currently several tools on the market that offer risk analysis and protection from third parties. The challenge, however, is to find the most complete and adapted tool to the needs of your company.
At CyVent, we are confident to appoint RiskRecon, a Mastercard company. It’s the only solution that automatically provides risk prioritization and continuous monitoring.
Why choose RiskRecon?
We are thrilled to be RiskRecon partners. RiskRecon automatically collects security information from vendors, partners and your own enterprise to help you understand how well each organization manages their digital footprint.
It provides risk-prioritized ratings based on issue severity and the system value at risk. The platform data is independently certified to be 99.1% accurate. The accuracy is achieved by a combination of patent-pending machine learning automation and analyst quality control.
The system evaluates over 40 security criteria across 9 domains. The impact of all vulnerabilities is analyzed to produce a cyber risk score.
There’s a direct correlation between RiskRecon scores and actual data breaches. Based on a sample of 46,000 Companies, entities with a score of “C” experience a 3x higher frequency of breaches than those with a score of “A”.
All assessment details are visible to you and your vendors, and RiskRecon provides a report that includes a summary of your organization's current cybersecurity posture at no additional fee. In addition, the platform automatically produces action plans to highlight only issues that exceed your company’s risk policy.
With all this information, you can easily keep your business secure from businesses that aren’t. It allows you to select new vendors faster, prioritize your third-party assessments based on RiskRecon-rated vendor performance, focus your vendor assessments on areas where you know they violate your risk requirements, improve your M&A analysis and more.
See more and schedule some time to speak with one of our experts: https://www.cyvent.com/en-us/prevent-your-company-from-third-party-risk-with-riskrecon