When it comes to enterprise risk, third-party cybersecurity risks have increased substantially in recent years. By implementing an effective third-party risk management program, organizations can mitigate much of their risk and better protect themselves from attacks that emanate from third parties. The key word here is “effective.”
Dark Reading’s latest e-zine, How to Use Threat Intelligence to Mitigate Third-Party Risk, digs into how threat intelligence can be implemented to achieve continuous risk assessment of partners, suppliers, vendors, contractors, and other third parties.
Third-party threat intelligence helps security teams to move beyond capturing a point-in-time view of security and regulatory compliance maturity and more accurately assess the risk over time. The convergence of threat intelligence and third-party risk management (TPRM) programs can ensure that third parties don’t drastically increase the risk of data breaches or other cybersecurity events and, should such an incident occur, help to minimize its impact.
How TPRM Is Changing
Historically, if TPRM was done at all, effective programs included identifying, categorizing, and assessing the risk of third parties, along with due-diligence questionnaires designed to gauge the maturity of their security and regulatory compliance programs. Additionally, an enterprise would conduct a thorough independent investigation of vendors before signing any contract. Finally, the organization would include new partners and suppliers in its incident response planning so as to minimize any incident’s impact.
“Organizations can send questionnaires, and they’re going to provide some indication of the policies they have in place and their certifications,” says Alla Valente, senior research analyst at Forrester covering governance, risk, and compliance; third-party risk; and supply chain risk. “But that doesn’t tell you everything happening inside their networks or systems. It also doesn’t provide answers about broader risks, such as geography or if nation-states are targeting that vertical. These are all things you want to identify.”
While there is scant data on how enterprises use TPRM threat intelligence to improve their third-party risk management, TPRM programs are gaining steam broadly. In Prevalent’s 2022 Third-Party Risk Management Industry Study, two-thirds of respondents reported that their TPRM programs have more visibility among executives and the board than the year before.
Check out Dark Reading’s How to Use Threat Intelligence to Mitigate Third-Party Risk for ideas on reducing third-party risks for your organization by leveraging threat intelligence.