Enterprises rely heavily on third-party vendors for faster time to market, improved profitability and reduced costs. However, third-party partnerships come with varying risks, including financial, information security, reputational and regulatory risks. If a business outsources important functions to third parties or uses them in its data handling or network chain, the risks are compounded by those parties’ weaknesses.
According to Opus & Ponemon Institute’s 2017 Third Party Data Risk study, 56 percent of organizations experienced a data breach through a third party, and 42 percent of organizations experienced attacks against third-party vendors that resulted in the misuse of their firm’s confidential or sensitive information. The reality is that no matter how good the reputation or credibility of your third-party vendor is, security risks will never completely go away.
It is under such circumstances that we see the emerging need for third-party risk management. And there’s also a business case for doing so: proactive mitigation of third-party risks is a mainstay of good cost management and operational health.
Here’s what you can do to leverage the capabilities of third-party vendors and simultaneously protect your data, systems, and network.
1. Plan for a Swift Exit Strategy
Any third-party relationship should begin with a transition plan, an exit strategy or a prenup. Whatever you call it, it’s best to start by planning for the end, which, in the case of vendor-related partnerships, can occur at any point in time. Whether due to an unexpected breach, contract completion, abandonment of a promised service or turning over duties to a fourth party, termination of a contract is inevitable. The deeper a vendor is layered in and the more it uses the confidential information of an organization and its customers, the more challenging it becomes to disentangle. A preplanned exit strategy is therefore essential.
*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Dan Virgillito. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/U4VZOC8cspw/