Third-party risk prevention strategies inadequate despite organizations being aware of the threats
2021-09-30 05:00

While organizations recognize that third-party threats expose them to great risk, many fail to take adequate measures to mitigate it.

Current third-party risk prevention strategies leave organizations vulnerable.

Ninety-five percent of respondents said their organizations experienced a strategy- or technology-based challenge in managing third-party risk.

Organizations need to approach third-party risk with a new holistic, ecosystem-focused, and cybersecurity-focused strategic mindset.

"Organizations that fail to take thoughtful steps to monitor, defend, and prepare for third-party cyber incidents have undermined their entire cybersecurity posture," said Dave Stapleton, CISO of CyberGRX. "As the Forrester study highlights, many organizations recognize the hazards posed by third parties; however, their actions do not reflect effective mitigation. Lacking a defined TPCRM strategy creates the opportunity for a breach, even if internal risk management strategies are otherwise solid and effective."

To improve third-party cyber risk practices, organizations must consider vendors as an extension of their own brand, and set a strict baseline and expectations for their cyber maturity.


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/O8T0u5jCBT0/