Why You Should Assess Your Vendor's Security Performance Frequently
Noah Simon | May 7, 2015
Third party breaches still account for a large percentage of security incidents. In fact, according to this year's Verizon DBIR report, in 70% of attacks where there was a known motive, a secondary victim was involved. These victims could be vendors, business partners, or vital pieces in supply chains. While the common phrase that “you are only as strong as your weakest link” has been used ad nauseum, it certainly rings true. The following are just some of the reasons why continuously monitoring the security of third parties is crucial:
Security posture can change at any time
New vulnerabilities emerge each day. Even though it is time-consuming for companies to address these internally, the same must be done for partners and third parties. While popular vulnerabilities such as Heartbleed and Poodle are highly publicized, third parties may have other, less high-profile points of weakness. For example, SPF records may not exist, or they may have too many hosts. In addition, DKIM records may have low levels of encryption - or worse, they may be expired.
In addition, security leadership changes as CISOs and senior IT professionals leave organizations. Monitoring security is vital to maintaining trust even when business relationships change.
Reporting to the Board
Frequent assessments of vendor security performance will allow for confident reporting to the board. An audit, penetration test, or vulnerability scan performed 6 months before a board meeting does not offer an accurate, up-to-date picture of vendor security performance. In addition, it may not be efficient to execute these tests before board meetings. These solutions, combined with continuous monitoring will provide a comprehensive view of vendor security so that you can confidently report to your board about your vendor’s security at any time.
The desire to monitor vendor security performance is rising. However, third party breaches continue to take place on an alarming basis as organizations struggle to implement continuous monitoring solutions. Simply having a program to monitor third party security performance is not enough. Organizations that monitor third parties with greater frequency will increase their ability to mitigate third party risk.
If you’re using a “one-size fits all” approach to managing your vendor lifecycle, you are missing opportunities to save money and operate more efficiently. Vendor management efficiencies don’t end in the onboarding stage: using a...
If you’re experiencing frustrating delays and procedural roadblocks during your vendor management process, you’re not alone. Security managers are seeing an increase in the number of third-parties integrating with their business, and ...
During this dynamic and stressful workplace environment 2020 has brought us, finding the most efficient ways to perform in your job has never been more important. When it comes to managing your vendor lifecycle, there are three ways you...