Today’s cybersecurity landscape requires an agile and data-driven risk management strategy to deal with the ever-expanding third-party attack surface.
When a business outsources services by sharing data and network access, it inherits the cyber risk from its vendors across their people, processes, technolog, and that vendor’s third parties. The typical enterprise works with an average of nearly 5,900 third parties, which means companies face a huge amount of risk, regardless of how well they cover their own bases.
For instance, 81 individual third-party incidents led to more than 200 publicly disclosed breaches and thousands of ripple-effect breaches throughout 2021, according to a report by Black Kite.
The current outside-in approach to managing third-party risk is inadequate. Instead, the industry needs to move toward a new third-party risk management approach by initiating conversations beyond outside-in assessments. Specifically, businesses should establish zero-trust principles for all vendors,…
