What your annual third party risk assessment ISN’T telling you

Posted by Carly Woodcock, Burlington Media Group

The 2017 Ponemon Cost of Data Breach Survey found that 63% of companies have no plans to update their Third Party risk assessments on an ongoing basis.

If you rely only on one-time assessments, you risk missing critical information about your suppliers that can affect the security of your systems and data.

So let’s take a quick look at what’s not covered in a one-time annual Third Party risk assessment, the gaps in threat intelligence this creates, and what you can do to ensure you get the complete picture of your ongoing threat landscape.

Gap 1 – Operational Supplier Business Activity

  • Mergers and acquisitions,
  • Expansions,
  • Divestitures,
  • Contractions,
  • Redundancies, and
  • Senior Management changes…

All of these place stress on your suppliers and Third Party partners, their people, controls and processes – which increases information security risk!

Gap 2 – Legal Threats and Regulatory Action

You deserve to know if your supplier or Third Party partners are undergoing:

  • Group litigation proceedings,
  • IP cases,
  • Sanctions,
  • Regulatory investigations, or
  • Other legal actions…

This will affect how, and whether, you choose to do business with them.

Gap 3 – Brand and Reputation Issues

Employee morale is stressed when a supplier confronts brand and reputational challenges, hurting operational effectiveness and security awareness, which in turn increases the probability of successful phishing and breach activity.

Gap 4 – Data and Security Events

If your suppliers and Third Parties experience a data breach or security incident, they could suffer business interruptions that affect your operations.

Or worse, their hackers could become your hackers – gaining access to your systems and sensitive data.

Gap 5 – Financial Stability

Missed financial goals, capital changes, and bankruptcies can all be signs of deteriorating long-term viability of a supplier’s business.

This can also signal decreasing investment in information security resources and controls to combat today’s rapidly evolving threats.

How can you keep track of these potential threats to your security posture between annual risk assessments?


Get the complete picture:

Continuous Threat Monitoring

Continuous Threat Monitoring services, such as Supplier Threat Monitor, provide a holistic view of the ongoing internal and external events that can affect the security posture of your suppliers… and you!

  • Fills the intelligence gap between periodic assessments
  • Provides a holistic view of potential risks across 5 key areas – Operational, Financial, Regulatory, Brand and Data
  • Continuously surfaces, scores and delivers potential risk events
  • Intelligently filters risk events and feeds
  • The only monitoring service offering insight into each supplier’s investments in IT security products


You’re Only as Strong as Your Weakest Link

Outsourcing has clear benefits — from lower costs to increased efficiency and productivity in non-core business processes. But the value Third Parties bring can be eroded by associated risks. Third Party weaknesses are your weaknesses.

By developing and maintaining an effective Third Party risk management program, you can help ensure that your suppliers have strong controls in place, and protect your organisation from fiscal, operational, regulatory and reputational risk.

We’d be pleased to hear from you and help find the most cost-effective way to develop, maintain or expand your Third Party risk management efforts.
