If you Google “third-party data breaches” you will find many recent reports of data breaches that were either caused by an attack at a third party or involved the exposure of sensitive information stored at a third-party location. Third-party data breaches don’t discriminate by industry because almost every company operates with some sort of vendor relationship, whether it be a business partner, contractor or reseller, the use of IT software or a platform, or another service provider. Organizations are now sharing data with an average of 730 third-party vendors, according to a report by Osano, and with the acceleration of digital transformation, that number will only grow.
The Importance of Third-Party Risk Management
With more organizations sharing data with more third-party vendors, it shouldn’t be surprising that more than 50% of security incidents in the past two years have stemmed from a third party with access privileges, according to a CyberRisk Alliance report.
Unfortunately, while most security teams agree that supply chain visibility is a priority, the same report notes that only 41% of organizations have visibility into their most critical vendors and only 23% have visibility into their entire third-party ecosystem.
The reasons for the lack of investment in Third-Party Risk Management (TPRM) are the same ones we consistently hear: lack of time, lack of money and resources, and a business need to work with the vendor. So, how can we make it easier to overcome the barriers to managing third-party cyber risk? Automation.