How to make your next third-party risk conversation less awkward
One of the scariest things about last year’s SolarWinds data breach, which impacted the world’s largest companies and some of the United States’ most secure government offices, was how far-reaching it was.
The attack was introduced through SolarWinds, a US firm that counted all those companies and agencies as clients. It is believed to have gone undetected for up to nine months. The accounting of damages might never be complete.
While the full extent of the damage is unknown, it has rightfully initiated many uncomfortable conversations about the IT supply chain and forever changed the way companies interact with third-party vendors.
This is a positive and necessary outcome. It puts organizations in a more comfortable position to demand transparency and seek out answers on cybersecurity. Vendors will now be expected to fully disclose any vulnerabilities and respond appropriately in order to earn clients’ trust.
It’s not a question of whether another major data breach like SolarWinds will happen, but when. Supply chain attack surfaces are expanding, stretched by remote work, e-commerce, and accelerated cloud adoption, while third-party vendor attacks are becoming more frequent, increasing by 430% in 2020.
Here are three steps you can take to make these third-party conversations less awkward and more effective:
1. Focus on People and Processes
Before starting the third-party risk management conversation, identify who has access to sensitive information, which assets are most likely to be targeted, and which controls are required to keep the associated data secure. We still see too many old login methods used in cloud environments, and their monitoring capabilities are typically not enough to provide real-time visibility or assessment.
You’ll need to acquire the right tools to build a playbook for automation and response. These solutions should help security teams prioritize day-to-day assignments and tasks with alerts, reducing the overall noise of your network.
To read the complete article, visit Dark Reading.