Measure 3rd party risks
Supply chain risk assessment
In a post-pandemic world, the importance of measuring and quantifying 3rd party risk in an organization’s supply chain cannot be overstated. Cybersecurity is not just about protecting your own data; it also means understanding how to keep all the information that flows through your business secure. This includes vendors you work with on a daily basis, like those that provide IT services or provide raw materials for manufacturing processes.
Cyberattackers are becoming more sophisticated every day, and this means that they will eventually find their way into any company with lax security measures. We want to help organizations identify where they are most vulnerable so they can take action now before something bad happens!
Over the last 18 months at NCX Group we’ve had the opportunity to see just how drastically companies have changed in order to meet their business needs in order to survive during this difficult time. More importantly, we’ve been able to measure the impacts on cybersecurity, business continuity, incident response, compliance, and overall day-to-day execution in the security without walls world.
While in the past there was a perimeter to follow, now there is a new perimeter, one without walls. Businesses have moved to the cloud and virtual desktop management solutions to give business data access to employees from home or wherever it is they are working from. There is also the utilization of different tools to communicate and share documents between departments and teams, such as Zoom for video conferencing and Slack.
Through our own findings after reviewing cross-sample of the organizations, we have assessed over the last 3 years from 2019, 2020, and 2021 we have seen a significant regression through the start of the pandemic to today in just basic cyber hygiene. Using the NIST Scoring method from 800-171 and 800-53 we have seen a reduction of at least 50% across all industries in how they grade out against the NIST Cybersecurity Framework. At the same time, recent data from SonicWall shows that there have been 304 Million Ransomware Attacks in just the first 6 months of 2021 and that is a 151% increase from last year. This is the worst year on record for ransomware that SonicWall has ever recorded.
This leads us to the need for supply chain risk management, as well as how all businesses must improve in determining the risk to their organizations from their vendors and be able to model financial consequences of poor cybersecurity. Cybersecurity has to be intertwined into your organization’s business strategy and it will require a large shift in thinking. Cyberattackers are no longer focusing on one company, they are targeting entire ecosystems — which means that improving cyber resiliency requires leadership across your organization at all levels. Organizations must develop an organizational-wide Cyber Risk Management program with measurable Cybersecurity objectives, strategies, and tactical plans.
When it comes to understanding the risks that vendors can have, companies use security tools and/or security assessments, which is how a score is established. NCX Group now employs a cutting-edge, passive recon technology that assesses your company’s security posture based on what is publicly available from 450 collection points on the web and this is how we calculate your Vendor Risk Score. The dark web, the normal internet, and the Internet of Things (IoT) are all utilized to collect data for vendor risk management scoring. It is thanks to these sources that they are able to highlight the risks that a company faces, what is legitimate and what is not legitimate as well as what you will need to correct to improve your score.
This methodology can be used to improve your score and how you are view by your business partners, but it can also be used to improve your own supply chain and mitigate the third-party risk to your organization. Do you know what your security score is? Perhaps it’s time to find out.
Schedule your free consultation here.
Photo courtesy of pedrosek