To serve your customers and realize efficiencies, your organization may work with dozens if not hundreds of third parties including partners, vendors, cloud service providers, and subcontractors.
But digital ties with these providers greatly increase your organization’s exposure to cybersecurity attacks. Flaws in a third party services provider’s security defenses and practices – like those that triggered the SolarWinds hack – can put your data, systems, and networks in danger, even if your own security operations are relatively robust. In fact, a study by Opinion Matters found that 92% of U.S. organizations have experienced breaches that originated with vendors.
Let’s look at four ways you can effectively monitor third party services for cyber risk – across the life of your contracts.
1. Understand your organization's evolving third party services landscape
As your company grows, so does its third party digital ecosystem. Evaluating those vendor relationships is critical to understanding the cyber risk they pose. Yet a study by the Ponemon Institute found that two-thirds of companies don’t maintain an inventory of third party relationships.
This isn’t surprising. According to Gartner, in 2019, 60% of organizations were working with more than 1,000 third parties. Given the pandemic rush to adopt cloud services and the growing challenge of shadow IT, that number has likely surged.
Given these factors, it can be hard to grasp the complex web of interconnected business relationships in your supply chain. You need a quick and easy way to discover each vendor within that supply chain, even fourth parties.
That’s why BitSight developed tools that let you continuously monitor your extended ecosystem and gain unrivaled visibility into the vendors you do business with – and their relationships with subcontractors. With this awareness, you can track where sensitive data flows, pinpoint which vendor has access to which systems, and identify risky business connections. You can then tier vendors and allocate assessment resources where the greatest risk to your organization lies.