Today, an increasing reliance on third parties to perform a variety of operational business functions has generated growing demand for organizations to better understand the security postures of every vendor they engage with.
Cybersecurity is no longer limited to monitoring organizations’ internal security posture; they now need to understand and address the cyber risk posture of companies in their supply chains.
New guidance from the U.S. National Institute of Standards and Technology recommends a variety of best practices to mitigate supply chain cyber risk. This has been published in response to the dramatic increase in software supply chain security incidents.
Concerns were raised after recent cases of malicious actors continuously exploiting new and existing vulnerabilities in software, as well as in the security programs of IT and software providers, to gain unlawful access to customers and data. The increasingly common cadence of major incidents highlights the risks of software and software developers being compromised.
A Disproportionate Approach to Risk
Despite this, disproportionately little attention is given to risk across the third-party…
