Getting ahead of a major blind spot for CISOs: Third-party risk

2021-09-01 04:30

"While third-party risk is not necessarily new, it is something that is often a blind spot as it's often not seen as a direct responsibility of CISOs and security teams," said Gene Yoo, CEO of Resecurity, Inc and former security executive at a major U.S. financial institution.

"This blind spot is typically created when there's a lack of visibility into the actual state of the cybersecurity posture and security team of the third-party vendor. However, when an incident does occur, that is when it quickly becomes an issue as the organization itself will take the blame for the breach."

The lowest hanging fruit is implementing Third-Party Risk Management solutions that can identify the network, identity, technology and geographical risks, said Yoo.

Third-party Risk Management solutions like Resecurity's Risk platform allows organizations to tap into actionable, external threat intelligence such as recent data leaks, breached accounts, misconfigured services and infections.

Third-party risk management solutions can offer an inside look on the dark side of the web, providing insight into if the hackers were targeting the third-party vendor in the past, or if such activity has been identified recently and may require consideration.

Using TPRM, organizations can complete a comprehensive digital risk assessment of the third-party vendor by performing more than 20 unique quality checks related to network hygiene of the enterprise including analysis of exposed identities in the Dark Web, breached accounts, infected endpoints and historical indicators of compromise.

News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/ViLPyWkMg0w/

#ciso