Security Ratings

A Data-Driven Approach to Vendor Risk Management

Debbie Umbach | January 6, 2015

Third party risk has become a hot topic throughout 2014, with no signs of slowing down in 2015.  The WSJ highlighted high-profile breaches stemming from a vendor here and here, and the OCC issued more third party risk guidance. BitSight discussed third-party risk related to retail and how to communicate with the board, as well as in a 2014 roundup.

With this as a backdrop, ESG’s Jon Oltsik sat down with BitSight’s Co-Founder and CTO, Stephen Boyer, to discuss the challenges around third party risk — and what can be done about them.

ESG research on supply chain security reveals some troubling insights: less than one third of critical infrastructure organizations always audited the security of their strategic software vendors and only half of organizations had established formal processes for security information sharing with their 3rd party partners. While organizations recognize the security risks associated with their information supply chain, their vendor risk management (VRM) programs are still anchored to manual processes and point-in-time, paper-based audits lacking in automation and scale. Companies are looking for automated, continuous monitoring solutions to better manage cyber supply chain risk.

Watch the full video to hear about the regulatory landscape and other drivers for third party oversight — and to learn about how security ratings can help.

 

 

Suggested Posts

Mitigating Risk in Your Expanding Digital Ecosystem

As time goes on, organizations are taking on more and more new digital transformation initiatives to become increasingly agile and boost productivity — dramatically transforming the number of digital touchpoints employees interact with on...

READ MORE »

Do You Need to Create Segmented Networks to Protect Critical Assets?

Network segmentation — the act of dividing a network into multiple smaller, isolated networks that are not visible from the outside — has long been used to reduce cyber risk. At its core, segmentation assumes a “zero trust” approach to...

READ MORE »

Cloud outsourcing poses new challenges for regulators and Financial Services

Cyber risk and regulatory compliance are two sides of the same coin in the Financial Services sector. Together, they spur Financial Services companies to take action to protect customers, their business and the global financial ecosystem...

READ MORE »

Subscribe to get security news and updates in your inbox.