How do you break into a bank? In the old days, burglars would dig their way into the vault from a basement next door.
In today’s digital economy, hackers don’t barge through the front door, either. They look to circumvent the cybersecurity barriers of financial service providers and other security-conscious companies by targeting potential weak spots on their IT periphery, such as less-guarded software vendors or law firms with access to the bank’s network.
How can companies assess and manage third-party risk? Vendor risk management now ranks high on the agenda of enterprise CIOs and CISOs in the financial services industry and its business partner ecosystem. But what about other sectors?
Law firms were the first to feel the pressure, as described elsewhere on this blog. Yet in many organizations, regardless of industry, the IT infrastructure remains under threat from undetected and unmitigated vendor risks.
You may have heard how vendors contributed to recent large-scale data breaches at retailers, healthcare providers and government agencies.
To be clear: third parties didn’t “cause” these data breaches by themselves. The surveys and research results covered in this post illustrate an endemic lack of vendor risk awareness and management.