Security News > 2021 > June > Mitigating third-party risks with effective cyber risk management
A third party could present a softer target, creating an opportunity for threat actors to move from that network to their primary target.
A third party can actually become the primary target if it holds the sensitive data that threat actors want.
A customer organization has to understand that it retains responsibility for the data it shares with third parties and that the third parties-because they can access, hold and use that data-are effectively an extension of the customer's business.
Organizations and third parties should employ TPCRM tools that apply cyber risk management to third parties by identifying their inherent risk, calculating the likelihood of a cyber incident involving the third party, and highlighting the residual risks that are most critical to address.
A TPCRM program also provides visibility to the partner organizations, ensuring assessments are current and readily available-as often as requested-to both the customer organization and the third party.
A TPCRM program provides a framework for collaboration among organizations, enabling them to keep their cybersecurity efforts up to date with the latest developments in third-party cyber risk management.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/_6rghOTxup8/