What is a Third-Party Data Breach? (And How to Prevent One)


A data breach is an IT security incident where data is compromised or stolen from a system without the knowledge or authorization of its owner. But what happens when a third party is involved?

A third party data breach is an incident where an organization’s sensitive data is not stolen from the organization directly, but through one of its third party vendors. In this case, the attacker compromises the vendor’s systems, or abuses the access the vendor has been granted, to reach the organization’s systems and data.

Stolen data may include sensitive, proprietary, or confidential information such as credit card numbers, trade secrets, or customer or patient data. Third party breaches cost companies of all sizes millions of dollars every year. The average total cost of a data breach is $4.35 million, and in the United States it rises to $9.44 million.

Because attackers target a member of the victim’s supply chain, a third party data breach might also be called a supply chain attack. These attacks are often successful because third parties, including vendors, suppliers, contractors, or business partners, may have weaker security controls than the organizations they provide services to.

But third party vendors are key to any business in today’s interconnected economy, providing critical services like billing, software development, or data storage. So how do you make sure your vendors do not create unnecessary risk?

The answer is not to avoid third party relationships, but to engage only with vendors who demonstrate a robust security posture. This is accomplished through thorough vendor risk assessments and continuous monitoring, carried out as part of a vendor risk management (VRM) program and a holistic third party risk management (TPRM) program.

How to prevent a third party data breach with VRM best practices

Here are some ways in which a third party risk management program can help secure your supply chain and prevent a third party data breach:

  • Streamlining due diligence and vendor risk assessments to assess vendors before onboarding
  • Automating the onboarding and reassessment process for more agile risk mitigation
  • Facilitating continuous monitoring based on real-time data feeds and analytics
  • Increasing visibility over risk from third party and fourth party relationships
  • Customizing and updating security requirements upon newly discovered threats and vulnerabilities
  • Identifying vendors who no longer meet security standards and facilitating their offboarding without causing business continuity issues

Bitsight VRM arms teams with a complete feature set for vendor management workflow automation, making it easy to achieve complete visibility over risk across the digital supply chain and make confident decisions powered by objective cyber risk analytics.