Posted on Feb 13, 2018
Ensuring everything is in place to protect cyber assets from those who wish to do harm is a daunting task, even for the most seasoned cyber security team. The list of security controls that could be implemented, or, even more important, should be in place, is extremely long. There are multiple cyber security frameworks and industry regulations that an organization can look to for guidance, but unfortunately, the documented security controls are often vague and lack clarity on where to begin. Some security frameworks are better documented than others. Complicating matters for many businesses, the IT footprint that should be secured is expanding nearly every day because of the rapid growth of outsourcing business functions to third-party companies (which in turn often outsource to other third-party companies, etc.). This article provides a few tips and techniques for managing cyber security risks in the supply chain or vendor network.
The Software as a Service (SaaS) model has seen a dramatic rise, which has introduced new cyber security challenges for businesses. Gartner predicted that the worldwide public cloud services market would grow 18% between 2016 and 2017. Many businesses have already outsourced critical business services including human resources, billing, finance, customer relationship management (CRM), and enterprise resource planning (ERP), among others. Although these services may be convenient for businesses, they complicate the management of cyber security risks on networks not owned by the business. Business executives now need to look at how best to drive programs that ensure proper protection of the company’s online data by their ecosystem of vendors or in their supply chain.
The depth and breadth of information security controls required by a business often require a significant team of qualified cyber security staff. Unfortunately, the supply of qualified people has not kept up with demand. A recent study by the Center for Strategic and International Studies and Intel Security reported: “82 percent [of the respondents] said they’re unable to fill open jobs with adequately trained and experienced [cyber security] people.” It reported further that “71 percent said the [cyber talent] shortage was already causing direct and measurable damage to their organizations.” The challenge of not being able to find enough qualified cyber security staff, combined with the complexities of influencing the cyber security programs of third-party partner companies, can make a vendor risk manager's job quite complex. Building an effective cyber security risk management program requires a commitment to the organization to ensure needed investment is made to implement appropriate security measures including legal contracts, cyber security assessment tools, partner collaboration, and training initiatives.
Managing one’s own cyber security posture is hard enough. Ensuring that effective security measures are in place across an ecosystem of vendors or a supply chain was nearly impossible until the recent emergence of automated and intelligent cyber security vendor risk management (VRM) solutions.
SecurityScorecard helps businesses understand vendor or supply chain cyber security risk across ten important risk factor areas. The solution helps businesses understand which companies in their ecosystem of vendors or supply chain pose the most risk via a common and consistent cyber security rating system. When used in collaboration with vendors or supply chains, organizations can quickly close the gap on the potential cyber security risk a vendor might pose.