How To Reduce Third-Party Cyber Risk (And Why You Should)


People have been stealing from one another since the beginning of time. Since the advent of the internet, they've been doing it without the victim noticing.

22% of companies don't know whether they had a data breach in the past year.  

That's alarming because data breaches take so many forms, from the overt theft of IP off a server to keystroke logging on a single workstation. Those 22% of companies could be actively broadcasting their secrets (and the secrets of their customers) for the (under)world to see.

Even more alarming is that their customers won't know either. In an interconnected global economy, one compromised supplier system can propagate to every company that depends on that supplier, and on down the chain.

59% of companies have experienced a data breach caused by one of their vendors or third parties. Or, more accurately, 59% of companies have experienced a third-party breach that they know about.

In 2021, the average cost of a data breach was $4.24 million (the figure from IBM's Cost of a Data Breach Report for that year). If every new addition to a company's vendor ecosystem were recognised as heightening the risk of an unexpected four-million-dollar invoice, perhaps the C-suite would pay more attention to the pleas of their Chief Information Security Officer...

But, in the words of a dismissive CEO, "don't come to me with problems, bring solutions." There is one. Granted, nobody can remove third-party risk altogether (although you can insure against it), but a robust process for auditing suppliers is much easier to achieve than you might think.

Don't worry, there's no need to search the web for a cyber audit template to be completed annually by an already overworked cyber security team. Even if you had the time to manually audit every supplier, when would you find the time for risk mitigation? There's a better way. Introducing Horizon from Darkbeam.

Horizon automates the auditing process. It attaches a numerical score to each supplier's risk (low number = good, high number = bad) and performs tests that matter, mapped against the MITRE ATT&CK® framework, so the audit results are just as useful to non-technical stakeholders as they are to the CISO. Plus, audits are performed in seconds, not weeks.

"With the hard work of auditing done for them, what will the infosec team do?" - Your CEO, possibly. Well, they'll have time to do the work that really matters: the threat mitigation, incident escalation, coordination and policy enforcement that they joined the profession to do.

There isn't a magic spell to remove third-party cyber risk. If there were, we promise we'd tell you. But there are some excellent ways to reduce it. Try Horizon by Darkbeam for free.

Ross