Third-Party Risk Is Major Concern for Organizations
By Fred Donovan, Senior Editor, SAPinsider
Some of the largest data breaches have resulted from attackers penetrating poorly secured third parties before gaining access to the primary target. Yet, many organizations have little visibility into or control over third-party risk.
This is where third-party risk management comes in. Third-party risk management focuses on identifying and reducing risks related to those third parties, which include vendors, suppliers, partners, contractors, and service providers. While requirements for third-party risk management can vary by industry and organization size, there are best practices that every organization can employ to reduce risk.
SAPinsider sat down with Parham Eftekhari, senior vice president and executive director of the Cybersecurity Collaborative, to discuss ways companies can reduce their third-party risk exposure. Eftekhari, who is also chairman of the Institute for Critical Infrastructure Technology, offered these recommendations for companies:
1) Create an inventory of all your third parties
2) Classify the risks of these third parties to your organization
3) Build security requirements into third-party contracts
4) Monitor the security posture of your third parties
5) Cut off access for your third parties when your relationship ends
To learn more about third-party risk management, watch this short video interview with Eftekhari.