Most organizations today are acutely aware of the risks third-party relationships pose, and many employ some form of third-party risk management to understand and monitor these alliances. Another danger also bears watching, however: the threats organizations face from their vendors’ vendors.
Fourth-party risk is a growing issue. Read on to learn more about fourth parties, the security challenges they pose and how to manage fourth-party relationships.
What are fourth parties?
Third parties include both upstream suppliers and vendors and downstream distributors and resellers — many of which have direct connections or access to the organization’s IT network resources and data. The number of third-party alliances has grown dramatically in recent years, partly due to the widespread transition to cloud-based as-a-service offerings. According to Gartner, 60% of organizations work with more than 1,000 third parties.
Fourth parties — the vendors of an organization’s vendor — are becoming an increasing concern among regulators, particularly those in the banking and financial services sector. Attackers exploit fourth parties just the same as they do third parties to indirectly target an…
