October 02, 2020//Ellen NeveuxLast Updated: May 28, 2021
October is cybersecurity awareness month! But what does this mean for your business? With data breaches at an all-time high, 61% of which can be directly or indirectly tied to third-party vendors, this month-long initiative is the perfect opportunity for you to take a closer look at your own cybersecurity infrastructure and strategy.
October is a great reminder to tighten up security, but it’s only 31 days. Bad actors and bad habits put your network at risk for the other 11 months, too. So, be sure to implement the below proactive security measures throughout the year. They can go a long way towards reducing, or even preventing, the next attack.
Depending on your company’s operations, there could be dozens or even hundreds of third-party vendors accessing your system at any given time. In fact, one study by the Ponemon Institute found that 67% of security professionals say they do not have an inventory of third-party vendors accessing their systems.
Missing this critical piece of information can leave your company open to hackers waiting to exploit third-party security backdoors. The first line of defense against this type of attack is to obtain a full registry of all your third-party vendors, complete with key security personnel contact information.
How can you be sure that the vendors, suppliers, partners, and consultants you work with have the right security in place to prevent an attack from infiltrating your system? Without clear visibility into remote networks and third-party systems, it can be hard (if not impossible!) to know if a current or potential vendor may be vulnerable or compromised.
According to a report by CSO Online, companies spent an average of $10 million responding to third-party related security breaches. Large enterprises may have the resources to weather such a costly storm, but small businesses are unlikely to find the practice sustainable in the face of multiple breaches.
More importantly, performing a comprehensive risk assessment of each vendor can often prevent such penalties right from the start. You should know what information and system each vendor has access to, as well as vendor login data and behavioral patterns. However, this data alone won’t give you the complete picture. You also need an account of third-party security protocols, relevant penetration testings procedures, and details about how often each is reviewed and or updated.
Despite the ever-increasing frequency and sophistication of cyberattacks, a PwC report found that only 52% of businesses have security standards in place for third-party vendors. This kind of oversight can prove costly, both financially and with respect to a company’s reputation, as many well-known brands have seen after large-scale data breaches. While vendor management strategies vary from one company to the next, based on factors like size and budget, the important takeaway is that every business needs to have a third-party security strategy in place. The more engaged the C-suite is in the oversight and implementation of such policies, the more likely they are to be successful. Employee education, ongoing security audits, and need-based identity management controls for vendors are just a few smart ways to create a strong foundation for third-party security management.
Cybersecurity Awareness Month is a valuable reminder that while no business is 100% immune to a third-party breach, every company can significantly reduce its vulnerability by consistently reviewing its own security policies and procedures. Remember, effective cybersecurity is a year-round commitment. To learn more about the importance of vendor access management, download our eBook that highlights the importance of a well-rounded cybersecurity strategy.