With large-scale cyber incidents (such as the recent SolarWinds attack) and third-party breaches becoming more and more common, the risk that third parties pose to an organization’s own cybersecurity is at the top of the list of concerns for security teams in 2021.
The number of third parties being utilized by organizations has been steadily growing every year, and the pandemic forced the hand of those companies who had yet to fully (or even partially) roll out a digital transformation strategy. This meant that many IT teams were left scrambling to not only get their workforce set up for remote work, but also to deal with less and less time to properly vet the third parties that they are allowing into their vendor ecosystem. The number of endpoints needing to be secured grew; however, the budgets and head count to stay afloat with proper vetting did not.
One of the third-party endpoints that grew considerably because of the pandemic was apps. According to a recent report, mobile app usage grew 40% year-over-year in Q2 of 2020, with several of the top apps in the quarter being work-related. In fact, business app usage itself was up 220% from the fourth quarter of 2019. For example, four of the top five business apps focused on collaboration and video conferencing, with Zoom and Microsoft Teams taking the number one and number two spots.
These third-party apps surely have their own native cybersecurity protections in place that would trickle down and protect their users, right?
The short answer is (most likely) yes; however, it’s not that straightforward.
And therein lies the problem—and danger.
IT teams can no longer assume that the third parties they’re working with—no matter how large and well-known—are immune from cyber-attacks. While most vendors have the best of intentions when developing and implementing their own cybersecurity plan, the fact of the matter is, there may be blind spots that leave their customers vulnerable. Coupled with the fact that bad actors are getting more and more sophisticated (and resource-backed), it’s more important than ever for every organization to do their own due diligence and take a proactive approach to assessing the risk posed by the third parties that they utilize in the course of doing business.
Mobile app usage for business purposes isn’t going to decrease anytime soon. Having knowledge of each vendor’s cybersecurity practices ahead of time gives you the opportunity to mitigate any risks that may be present with that third party, and it gives the third party an opportunity to correct the security concern once they’re made aware of it. This lets them secure their environment not only for your organization but for all of their customers, as well.
A comprehensive, analytics-driven approach to third-party cyber risk management (TPCRM) ensures that you have visibility into each vendor’s security controls to show how they will protect you against threats. You can confidently move your TPCRM program forward with validated risk assessments and residual risk data that shows you specifically where to improve risk mitigation and security in your third-party ecosystem. One of our TPCRM experts can guide you through how CyberGRX takes the guesswork (and resource depletion) out of vendor management.