In the past, a company's main concern was "Is my partner going to go out of business?" Now, it should include "What's my partner's cybersecurity posture?"
Gartner recently released a report showing major cyberattacks are coming. TechRepublic's Dan Patterson met with Gartner's research director Jeff Wheatman to discuss why companies should keep cybersecurity as their top priority.
"It's no longer just about understanding whether a company you're going to do business with is credit-worthy, we need to understand what their security posture is, because it's going to have an impact on our security posture," Wheatman said.
The report stated a company's cybersecurity posture is going to become as important as their credit rating. Although one company may understand where their partners' cybersecurity posture lies, each of those partners most likely have partners as well and so on. And ultimately one company could be affected by thousands of people associated with each of the company's different partners.
Historically, organizations would go to credit rating agencies and find out the creditworthiness of their partner, but now that companies are handing out data to their partners, they need to understand what their posture is. As a result of this, we've seen a big uptick in the market for security rating services, he said.
These agencies gather data—public and semi public—and run it through algorithms, and assign independent scores about the posture of a company's cybersecurity program.
"Because of this extended ecosystem...it's become more important for us to understand what the overall risk is of that expanded ecosystem," he said. It used to be that all businesses cared about was if their partner was going to go out of business, or default on their contracts, now it's more complex because partners have access to each other's data and systems.
- Cybersecurity in an IoT and mobile world, PDF (ZDNet/TechRepublic special report)
- These 3 departments are causing the biggest cybersecurity problems at your office (TechRepublic)
- Building a network of trust: Don't let partners be your weakest link in cybersecurity (ZDNet)
- Why SMBs are at high risk for ransomware attacks, and how they can protect themselves (TechRepublic)
- Information security incident reporting policy (Tech Pro Research)