How to build an effective third-party risk assessment framework


Organizations today connect with more supply chain partners than ever before, a reflection of the distributed and connected environment in which most enterprises now operate. Procurement, as a result, is more automated and streamlined. Yet, even as these procurement processes become simpler, addressing third-party cybersecurity risks has become more challenging.

The risks are significant. Consider the 2023 breach of file transfer software vendor MoveIt, where threat actors exploited vulnerabilities in the software to exfiltrate high-value data from approximately 2,300 public and private commercial entities, at a cost of more than $10 billion. The MoveIt attack was far from unique. Capterra, a technology review site, found that 61% of U.S. businesses experienced supply chain attacks in 2023.

To counter the risks associated with vendors, service providers, partners, contractors and other third parties, organizations must conduct third-party risk assessments before investment, and on an ongoing basis.

Assessing and addressing third-party risks

The digital nature of procurement has made purchasing less manual. Automation enables enterprises to significantly…
