With cybercrime-related costs expected to hit $6 trillion annually by 2021, according to Cybersecurity Ventures, and high-profile breaches continuing to make news headlines, more and more organizations fear that a single cyber-attack could suddenly put a stop to growth and profitability. Understanding breach likelihood is, of course, a critical element of successfully blocking attacks and ensuring business continuity.
If vendors in a third-party portfolio share common security weaknesses (Common Vulnerabilities and Exposures [CVE], for example), hackers can deploy malware to exploit the flaws across the board, ultimately causing multiple breaches within your vendor network and putting your enterprise at substantial risk. This is a correlated risk, similar to that faced by the mortgage industry in 2008, that can expose your business to compromise, even if the individual vendors in your ecosystem have reasonably good security hygiene. This can happen in large healthcare systems using the same vendors, for example. If a supplier security issue disrupts operations in one hospital, it’s likely to wreak havoc among other facilities in the same network. A similar scenario might involve thousands of companies being breached as the result of a security weakness in a high-profile cloud services provider like Amazon Web Services (AWS).
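As an added illustration of the correlated-risk argument above (not part of the original article), the following Python example finds the weakness shared by the most vendors in a constructed portfolio, then compares the chance of three or more simultaneous breaches when that weakness acts as a common cause with the chance when vendors carrying the same individual risk fail independently. The vendor names, placeholder weakness identifiers and all probabilities are assumptions chosen for illustration.

```python
from collections import defaultdict
from math import comb

# Constructed sample inventory: vendor -> weakness ids (placeholders, not real CVE ids).
PORTFOLIO = {
    "vendor-a": {"CVE-PLACEHOLDER-1", "CVE-PLACEHOLDER-2"},
    "vendor-b": {"CVE-PLACEHOLDER-1"},
    "vendor-c": {"CVE-PLACEHOLDER-1", "CVE-PLACEHOLDER-3"},
    "vendor-d": {"CVE-PLACEHOLDER-1"},
    "vendor-e": {"CVE-PLACEHOLDER-2"},
    "vendor-f": {"CVE-PLACEHOLDER-1"},
}

def shared_weaknesses(portfolio):
    """Return (weakness, sorted exposed vendors) pairs, most widely shared first."""
    exposed = defaultdict(set)
    for vendor, weaknesses in portfolio.items():
        for w in weaknesses:
            exposed[w].add(vendor)
    ranked = sorted(exposed.items(), key=lambda kv: (-len(kv[1]), kv[0]))
    return [(w, sorted(v)) for w, v in ranked]

def tail(n, p, k):
    """P(at least k of n vendors breached) when each fails independently with probability p."""
    return sum(comb(n, i) * p**i * (1 - p)**(n - i) for i in range(k, n + 1))

def multi_breach_risk(n, k, p_base, q_campaign, r_hit):
    """Compare P(>= k breaches) with and without the shared weakness as a common cause.

    p_base:     per-vendor breach probability from unrelated causes (assumed)
    q_campaign: probability the shared weakness is mass-exploited in the period (assumed)
    r_hit:      probability an exposed vendor falls to that campaign (assumed)
    """
    p_shock = 1 - (1 - p_base) * (1 - r_hit)   # per-vendor risk while a campaign runs
    p_marginal = q_campaign * p_shock + (1 - q_campaign) * p_base
    correlated = q_campaign * tail(n, p_shock, k) + (1 - q_campaign) * tail(n, p_base, k)
    independent = tail(n, p_marginal, k)        # same per-vendor risk, no common cause
    return p_marginal, independent, correlated

if __name__ == "__main__":
    weakness, vendors = shared_weaknesses(PORTFOLIO)[0]
    p_m, indep, corr = multi_breach_risk(len(vendors), 3, 0.02, 0.10, 0.60)
    print(f"{weakness} is shared by {len(vendors)} vendors: {vendors}")
    print(f"per-vendor breach probability: {p_m:.3f}")
    print(f"P(>=3 breached) independent: {indep:.4f}, shared weakness: {corr:.4f}")
```

Each vendor's individual breach probability is identical in both models, so the gap between the two results comes entirely from the shared weakness.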