Third-party and supply chain partners are often the weak link in cybersecurity programs. With weaker security measures, supply chain partners are a favorite target for attackers seeking access to larger organizations. Because of this vulnerability, larger organizations are instituting more comprehensive cybersecurity requirements for all third-party suppliers.
According to the Ponemon Institute, 75% of IT professionals surveyed acknowledged the risk of a breach through a third party is dangerous and increasing. More specifically, 63% of all data breaches can be linked either directly or indirectly to third-party access according to Soha Systems. The average cost of these breaches for U.S. companies, according to the Ponemon Institute — after adding up fines, remediation, and loss of customers — was US$7,350,000.
Relying on third-party suppliers and supply chain partners who bring their own cybersecurity measures and protocols often creates a patchwork approach that is prone to errors. According to Shawn Waldman, CEO of Secure Cyber Defense, “Patchwork cybersecurity programs have led to substantial breaches because companies don’t have plans and processes in place for properly managing outside access to a network. Establishing a more rigid cybersecurity process for any third-party vendor who has access to your network, and what exactly they have access to, is the new standard to manage risk.”
Organizations are now requiring the ability to monitor, identify risk, and isolate threats throughout all third-party systems accessing their network, particularly those with access to highly sensitive customer and financial data. It isn’t enough to evaluate third-party suppliers once; organizations need a plan to monitor and assess threats continuously.
The good news for third-party suppliers is that once they achieve higher levels of cybersecurity and compliance, business opportunities with larger companies open up. While a company’s products and services may be the main draw for larger organizations, having a third-party organization compliant with their more stringent cybersecurity requirements becomes a significant competitive advantage. A recent Vodafone report found “86% of high-growth companies are seeing cybersecurity as an enabler of new business opportunities, rather than simply a means of defense.”
Secure Cyber Defense works closely with organizations mapping out their cybersecurity strategy while establishing a protocol for onboarding suppliers and third parties who link with critical systems and databases. In the case of NIST standards, Secure Cyber Defense offers the CAPE (Compliance and Planning Engine) tool that makes developing your System Security Plan, including incident response templates, maintenance logs, media control logs, security assessments, and more, easy enough to complete in four to eight hours. With October marking Cybersecurity Awareness Month, there’s no better time for businesses to prioritize improving their cybersecurity approach.