Use standardized risk data to create comparative pictures of risk

Perimeter security is no longer sufficient, so a more collaborative approach to security is the best way forward. Understanding exposure cannot be done in a silo; it is imperative that we break down not only the cybersecurity silos within an organization but also the silos between vendors. Creating a safe cyber ecosystem will take all organizations within it. To keep up with the sheer volume of developing cyber risks and security vulnerabilities, the individual, siloed management of third-party cyber risk must pivot to more comprehensive, collaborative solutions.

Communicate and share intelligence and data amongst organizations

A recent study found that organizations tend to focus on assessing the same set of vendors, but it is often the vendors they aren't looking at that pose the greatest risk. When an organization is able to identify which third parties and supply chain partners pose the highest risk, it can ensure the proper security controls are in place to best mitigate that risk. These types of detrimental third-party security incidents have resulted in some of the biggest breaches known today, such as Target, Experian, Quest Diagnostics, Facebook, Lord & Taylor, the FBI, and many others. Unfortunately, even when just one vulnerable organization is breached, severe consequences can follow for a variety of organizations, even if they hold stronger security postures.

One out of every five enterprises is connected to high-risk third parties within a given cyber ecosystem.
Here are some steps organizations can take to ensure a more secure future:

Assess the security posture of companies within your vendor ecosystem

By acknowledging the common need to protect ourselves and making strategic changes to how we manage vendors, ideally by creating consistent and comparative pictures of risk and exposure, organizations can work together to mitigate the greatest vulnerabilities. The time is now for organizations to prioritize understanding or appreciating the exposure brought on by expanding their vendor ecosystem. While they may feel insulated from the consequences of a breach like SolarWinds, the vulnerabilities exploited in this attack demonstrate that even the most robust security programs can be undermined by less secure third-party vendors and/or supply chain partners. Unfortunately, even organizations with mature security programs are still at high risk. It is not the first breach, nor will it be the last, that reverberates through a web of connected enterprises and government institutions. The SolarWinds breach, while incredibly serious, is a flash in the pan brought about by a simple vulnerability that was leveraged to gather intelligence, mine data, and sow animosity and resentment between organizations.