3 ways to reduce supply chain cyber risk
According to the Ponemon Institute, 60% of data breaches are caused by a company's suppliers and other third parties*; 58% of breaches target client data**. The conclusion? Never trust a company with your data without assessing their security first.
As a global organisation, we speak to hundreds of companies that use service providers to remain efficient and competitive.
Cyber risk should be treated like AML and KYC checks – you would never expose your company to terrorist financing or sanctioned individuals, so why would you open yourself up to companies with inadequate security?
Here are 3 ways every company can monitor their providers:
- Due diligence
IT Security Questionnaires are essential for understanding your providers’ controls, procedures, certification and history.
- Threat Intelligence
Many companies are now using threat intelligence to enhance their oversight with continuous monitoring of suppliers’ vulnerabilities, breaches and other issues that could provide entry points to malicious actors.
Sometimes monitoring is not enough. Where you encounter a high-risk organisation, you should act quickly to find out more, share intelligence and require them to improve their security. Where suppliers do not engage, you may need to terminate the relationship to avoid a potentially catastrophic security breach.
Thomas Murray’s risk platform includes due diligence and threat intelligence tools, so you can efficiently monitor your providers and build a secure network.