Manage Vendor Risk in a Few Practical Steps
Risk tolerance, exposure visibility, board oversight — handling third-party risk is complicated but achievable with disciplined, precise governance.
Third-party risk concerns cybersecurity weaknesses in vendors and service providers that can expose connected organizations to breaches, outages, or data loss.
Search across headline titles and summaries.
Background for this topic.
Third-party risk is the security exposure created when an organization relies on external suppliers, contractors, cloud services, software providers, or business partners. These parties may process sensitive information, connect to internal systems, or supply software and services whose security the organization does not fully control. The tag generally covers cyber, privacy, and operational risks arising from those relationships, including dependencies on a provider’s own suppliers.
Security-relevant concerns include excessive or poorly governed third-party access, vulnerabilities in supplied software or services, and inadequate protection of shared personal or business data. Useful controls include assessing a provider’s security before onboarding, limiting and reviewing access, requiring vulnerability and incident-notification practices in contracts, monitoring material changes, and promptly removing access when a relationship ends. During an incident, organizations may need provider logs, evidence, and coordinated response actions; clear ownership and communication paths are therefore important.
Weekly headline count for the current query.
Risk tolerance, exposure visibility, board oversight — handling third-party risk is complicated but achievable with disciplined, precise governance.
Data collected by cyber-insurers show that ransomware accounts for the majority of insurance claims, but that much of the losses stem from third-party breaches affecting policyholders.
Managing third-party risk in the SaaS era demands a proactive, data-driven approach beyond checkbox compliance.
Secure by Demand offers a starting point for third-party risk management teams, but they need to take the essential step of using a mature software supply chain security solution to ensure they're not blindly trusting a provider's software.
The European Union's Digital Operational Resilience Act requires financial entities to focus on third-party risk, resilience, and testing.
The American Hospital Association and the Health-ISAC issued a joint threat bulletin warning healthcare IT providers that their ransomware plans need to consider third-party risk.
With every new third-party provider and partner, an organization's attack surface grows. How, then, do enterprises use threat intelligence to enhance their third-party risk management efforts?
An attacker accessed personal information of over 225,000 active, reserve, and former UK military members from third-party payroll processing system.
As Verizon Business redefines "supply chain breach," it could either help organizations address third-party risk holistically or just conflate and confuse.
The issue can seem daunting, but most organizations have more agency and flexibility to deal with third-party risk than they think.
Continuously evaluating and updating your third-party risk assessment can improve your security posture and ensure your company doesn't have the next headline-making incident.
Cybersecurity investment involves more than just buying security technologies — organizations are also looking at threat intelligence, risk assessment, cyber-insurance, and third-party risk management.
Companies should use a variety of tools and strategies, both technical and policy, to protect their IP from third-party risk.
Dark Reading's latest publication looks at a missing, but necessary, ingredient to effective third-party risk management.
Awarded individuals and companies are trailblazers in third-party risk management.
Additional functionality also added to the fourth-party risk solution is providing better visibility and insights into vendor risk.
Manufacturing relies on complex interconnected networks and technologies, but with more vendors comes risk that needs to be secured.
Solution streamlines the assessment, monitoring, and remediation of third-party risk for information security, compliance, and risk teams.