Security Ratings

A Data-Driven Approach to Vendor Risk Management

Debbie Umbach | January 6, 2015

Third-party risk has become a hot topic throughout 2014, with no signs of slowing down in 2015. The WSJ highlighted high-profile breaches stemming from a vendor here and here, and the OCC issued more third-party risk guidance. BitSight discussed third-party risk related to retail and how to communicate with the board, as well as in a 2014 roundup.

With this as a backdrop, ESG’s Jon Oltsik sat down with BitSight’s Co-Founder and CTO, Stephen Boyer, to discuss the challenges around third party risk — and what can be done about them.

ESG research on supply chain security reveals some troubling insights: less than one third of critical infrastructure organizations always audited the security of their strategic software vendors, and only half of organizations had established formal processes for security information sharing with their third-party partners. While organizations recognize the security risks associated with their information supply chain, their vendor risk management (VRM) programs are still anchored to manual processes and point-in-time, paper-based audits that lack automation and scale. Companies are looking for automated, continuous monitoring solutions to better manage cyber supply chain risk.

Watch the full video to hear about the regulatory landscape and other drivers for third party oversight — and to learn about how security ratings can help.
