Vendor Risk Management

Eradicate Cyber Threats: Launch Your Third-Party Risk Management Program

Kim Johnson | June 4, 2019

When launching a third-party risk management (TPRM) program, one of the best places to begin to be proactive about mitigating cyber risk from your third parties is by examining the vulnerabilities present on their network. Despite global knowledge of the harm that vulnerabilities can do to users and businesses alike, they still continue to persist and cause business interruption worldwide. 

Today’s digital environmental offers tremendous opportunities for modern organizations. At the same time, there is more risk. Vulnerabilities and infections plague organizations around the globe — and their numbers continue to rise. In 2018, the annual volume of vulnerabilities reached an all-time high of 15,872 CVEs. And as organizations increase their reliance on third-party vendors for outsourced services and solutions, they expand their attack surface.

Understandably, when it comes to managing risk internally proactive controls can be put into place when a vulnerability is identified on the network. However, the struggle lies in identifying and mitigating risk across your supply chain.  How can you ensure control across your third-party ecosystem and the potential vulnerabilities that exist there? Once this foundation is established within your TPRM program, you can build on it and shift to a more proactive approach to managing third-party risk — and limiting your exposure.

BitSight recently published a white paper on vulnerabilities and third-party risk management, “5 Tips to Manage Third-Party Risk”, which highlighted some of our research on vulnerabilities affecting businesses on a global scale and the trends we can see related to them.

With the number of reported vulnerabilities and infections increasing year over year, cyber threats, such as data breaches and attacks causing business interruption, are a top concern for organizations as their supply chain continues to expand and cyber risk threatens their environment.pasted image 0The image above, taken from BitSight’s newest report, implies that the window for those vulnerabilities and infections to continue to plague organizations through third-party relationships, or their own infrastructure can be as long as two years. Some organizations do not have visibility into that infection time.

So how can you launch a third-party risk management program when you have limited visibility into the security posture of your third parties— which are the quickly expanding attack surface of potential cyber threats? One best practice is to start with a quick review of your vendor’s security posture. By using data-centric solutions like security ratings, you can review initial knowledge prior to doing more in-depth assessments like vendor questionnaires.

Every vendor risk manager or TPRM team knows that you need to start somewhere. Initially, you should focus on the areas of your critical third parties’ security posture that could have an immediate impact — such as the presence of vulnerabilities or infections.

BitSight immediately exposes cyber risk within your supply chain, whether you’re launching
or scaling your TPRM program, helping you focus your resources and working alongside you
and your vendors, to give you the confidence to make faster, more strategic cyber risk
management decisions with the resources you have today.

Want more tips on launching your third-party risk program? Watch this on-demand webinar or read this ebook. 5 tips to manage third-party risk

Suggested Posts

How To Mature Your Vendor Risk Management Program

There are layers of uncertainty plaguing security professionals when it comes to the time, money, and energy they spend focusing on their third-party risk management systems. Without the proper tools and analysis, it is hard to know if...

READ MORE »

Mitigating Risk in Your Expanding Digital Ecosystem

As time goes on, organizations are taking on more and more new digital transformation initiatives to become increasingly agile and boost productivity — dramatically transforming the number of digital touchpoints employees interact with on...

READ MORE »

FBI Alerts Companies of Cyber Attacks Aimed at Supply Chains

Earlier this month, ZDNet broke the news that the FBI had sent a cybersecurity alert to the U.S. private sector warning of an ongoing hacking campaign against supply chain software providers. According to the FBI, hackers are attempting to...

READ MORE »

Subscribe to get security news and updates in your inbox.