Third-Party Risk Escalates, But C-Suiters Aren't Paying Attention

[Mihir :-)]

Content source

http://www.infosecurity-magazine.com/news/thirdparty-risk-escalates-csuiters/

In business, third-party vendors and partners can open the door to significantly increased risk of cyberattacks—as evidenced most famously by the Target breach, where hackers entered using HVAC contractor credentials. But the aftermath can be a company-killer: Ponemon Institute researchers found that in the past 12 months, organizations spent an average of $10 million to respond to a security incident as a result of negligent or malicious third parties.

The firm’s latest report also found that third-party risk is only increasing with the growth in disruptive technologies such as the internet of things (IoT) and cloud security—70% of respondents acknowledged it as a ballooning issue. However, only 8% of respondents say improvement of their organizations' relationship with business partners is a top risk management objective. So the risk associated with third parties is growing, but the C-Suite and Board level are not prioritizing this issue.

In fact, in many organizations, there's not only no clear accountability around risk management, because most companies don't even have metrics to measure the effectiveness of risk management activities. Further, many of them don't even know what high value or sensitive data is in the hands of those third parties in the first place.

Read More:Third-Party Risk Escalates, But C-Suiters Aren't Paying Attention

 

[_CyberGhosT_]

The sad part is that many of these companies have IT resources that are under staffed and under educated,
or they cut spending on IT and leave their selves open and unprotected.
Nice share Mihir.
PeAcE