Third-party cyber threats are impacting major business decisions, according to a BitSight and CeFPro report. Here are some of the biggest challenges.
Managing third-party cyber risk is crucial to a functional business, according to a BitSight and Center for Financial Professionals (CeFPro) report released on Tuesday. However, a lack of consistent monitoring and reporting is presenting major challenges for organizations, leaving them vulnerable to data breaches, the report found.
The report surveyed 126 financial services professionals from various industry sectors across the world. The financial industry, in particular, works with thousands of vendors including legal organizations, accounting and human resources firms, management consulting and outsourcing firms, and IT and software providers, the report said. All of these vendors act as potential avenues for cyberattackers.
"Although there has been a significant increase in effectiveness, attention, and resources focused toward third-party cyber risk over the last few years, there is still much to be done," Andreas Simou, managing director at CeFPro, said in a press release. "Utilizing more effective tools and techniques to overcome the ever-increasing challenges being faced within the industry, with third- (and fourth-) party cyber risk as just one key area to be addressed."
The report outlined the following six biggest challenges companies face in assessing third-party vendor risks:
- Data accuracy and quality
- Actionability of data
- Lack of continuous monitoring
- Speed of the risk assessment process
- Cost of on-site assessments
- Unclear responsibility within an organization
While these challenges are significant, companies must still take steps to protect themselves. Organizations should begin by making a full list of third parties and standardizing a risk assessment process, the report said. Companies must also continuously monitor third-party partners, using security ratings to gain real-time visibility into vulnerabilities. The report also recommended establishing consistent board reporting and creating a fourth-party risk program to oversee the business ecosystem.