Large vendor ecosystems and low visibility increase third-party cyber risk
2020-09-25 03:30

Third-party cyber risk budgets and other key findings: 29% say they have no way of knowing if cyber risk emerges in a third-party vendor.

"The research clearly indicated the reasons behind this high breach frequency: only 23% are monitoring all suppliers, meaning 77% have limited visibility and almost one-third only re-assess their vendors' cyber risk position six-monthly or annually. That means in the intervening period they are effectively flying blind to risks that could emerge at any moment in the prevailing cyber threat environment."

Jim Penrose concludes: "Overall the research findings indicate a situation where the large scale of vendor ecosystems and the fast-changing threat environment is defeating attempts to effectively manage third-party cyber risk in a meaningful way.

"Visibility into such a large and heterogenous group of vendors is obscured due to lack of resources and a continuing reliance on manual, point-in-time processes, meaning real-time emerging cyber risk is invisible for much of the time."

"For organizations to make meaningful progress in managing third-party cyber risk and reduce the current concerning rate of breaches, they need to be pursuing greater visibility across their vendor ecosystem and achieving better context around alerts so they can be prioritized, triaged and quickly remediated with suppliers."


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/rW4J16b23NY/