sb-as logo
Story image

Third party risks ‘a serious risk’

Article by Narinder Purba, senior editor at ESET

Third party risks to organisations has been described as a “serious threat”, a new study by the Ponemon Institute and Shared Assessments as revealed.

The report, titled Tone at the Top and Third Party Risk, also found that most respondents believe that this particular threat is on the rise.

The main reason for this is down to “disruptive technologies”, the authors of the report were told.

Organsations said that they consider the widespread take-up of cloud-based services and the Internet of Things to increases third party risks.

“The threat landscape is constantly evolving, and as a result, third party risk is only going to increase,” commented Dr. Larry Ponemon, chairman and founder of the Ponemon Institute.

“It has become imperative for organisations to create formal programs for vendor risk management in order to avoid being compromised, and more importantly, business leaders need to set a strong example.”

The paper also found that a major problem within enterprises in this key area is that accountability appears to be lacking any direct responsibility.

Consequently, not having single individual or department in charge of managing third party risk leaves organisations more vulnerable to threats.

The authors of the report recommend that those in positions of authority within an enterprise should set a “positive tone” when it comes to third party risk mitigation.

Advantages of this approach include boosting awareness among third party vendors of the need for good cybersecurity policies, such as data protection.

Charlie Miller, senior vice president with the Shared Assessments Program, said: “The highest level of organisations, the board and C-Suite, need to better communicate their values across the enterprise, setting a positive tone and creating formal programs to mitigate this risk, ultimately helping companies to improve their risk management practices.”

Story image
BackupAssist partners with Wasabi for greater cyber-resilience
This partnership provides customers with an up to 80% less expensive solution that is faster than the competition for achieving enterprise-grade cyber-resilience, the company states. More
Story image
Check Point exposes Android malware vendor using dark net to rebrand products
Check Point security researchers have exposed an Android malware vendor using a marketer on the dark net to rebrand its products, with the intention of supercharging business and throwing off security vendors. More
Story image
Huawei: Corporates must focus on data minimisation and business continuity to mitigate data security challenges
"From a long-term sustainable point of view, organisations will need to adopt data minimisation and privacy by design and default."More
Story image
Palo Alto Networks advances attack surface management with Expanse
"By integrating Expanse's attack surface management capabilities into Cortex after closing, we will be able to offer the first solution that combines the outside view of an organisation's attack surface with an inside view to proactively address all security threats."More
Story image
Demystifying 'zero trust' and its role in cybersecurity
The principle of ‘zero trust’ in cybersecurity is simple: Trust nothing, and verify everything.More
Story image
Entrust acquires HyTrust, with aim to improve data encryption solutions
Entrust says the acquisition will bolster its effort to deliver data protection and compliance solutions to its customers, while accelerating their digital transformations.More