Why You Need Cyber Risk Standards - Part I
by Kiran Kumar
“Cybercriminals are developing and boosting their attacks at an alarming pace, exploiting the fear and uncertainty caused by the unstable social and economic situation created by COVID-19.” - Jürgen Stock, INTERPOL Secretary General
In this two-part series, we discuss the importance of and ways to mitigate third-party cyber risk despite the major adjustments organizations around the world have had to make due to the current business environment.
Source: Digital Transformation and Cyber Risk: What You Need to Know to Stay Safe
With the persistence of COVID-19, the impact on global third-party supply chains has only increased, making assessing third-party risk more important than ever.
The needs of organizations have changed, and focus has shifted to remote workforces and business continuity. Prioritizing the third parties whose services play vital roles in day-to-day operations has become even more critical in these uncertain times. Despite this growing need, McKinsey predicts “>70% of CISOs and security buyers believe budgets will shrink by the end of 2020.” (source) Unfortunately, this often leads to corners being cut, and security processes—both in place and planned—become an afterthought.
Fortunately, there is a straightforward way for organizations to continue mitigating risk despite these factors: begin measuring the maturity and cyber hygiene of their third parties and establish a baseline. Bespoke questionnaires, customized spreadsheets and email threads are NOT the way to go about it; the redundant and inefficient processes that come with shared, static spreadsheets need to be modernized and streamlined. The need of the hour calls for leveraging frameworks such as NIST (800 series, CSF, etc.), NERC, GDPR and APP to measure the data protection policies and standards of third parties. A standards framework shows which adjustments are needed to strengthen those policies and lets you report to leadership in a consistent manner on the baseline and the improvements being made.
Standards help outline procedures designed to reduce risk exposure. Centralizing the assessment of third-party resilience during periods of disruption and heightened risk is a major operational advance an organization can make toward becoming resilient.