Security News > 2021 > September > Third-party risk prevention strategies inadequate despite organizations being aware of the threats
While organizations recognize third-party threats expose them to great risk, many organizations fail to take adequate measures to mitigate it.
Current third-party risk prevention strategies leave organizations vulnerable.
Ninety-five percent of respondents said their organizations experienced a strategy- or technology-based challenge in managing third-party risk.
Organizations need to approach third-party risk with a new holistic, ecosystem-focused, and cybersecurity-focused strategic mindset.
"Organizations that fail to take thoughtful steps to monitor, defend, and prepare for third-party cyber incidents have undermined their entire cybersecurity posture," said Dave Stapleton, CISO, of CyberGRX. "As the Forrester study highlights, many organizations recognize the hazards posed by third parties; however, their actions do not reflect effective mitigation. Lacking a defined TPCRM strategy creates the opportunity for a breach, even if internal risk management strategies are otherwise solid and effective."
To improve third-party cyber risk practices, organizations must consider vendors as an extension of their own brand, and set a strict baseline and expectations for their cyber maturity.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/O8T0u5jCBT0/