Third party risk management: A getting started guide

Your vendor partners may be your organization's weakest link. Without a strong third party risk management program in place, how would you know?

three global network puzzle pieces
Metamorworks / Getty Images

For some, the idea of starting a comprehensive third party risk management program might seem like the ultimate task on some obsessive-compulsive bucket list. After all, most organizations today have dozens, if not hundreds … and often thousands … of third party vendor relationships. Just where, and how, would one even begin such a process?

But, as the saying goes, you’re only as strong as the weakest link in your chain. And that makes it critical to know just how strong the security defenses are for every one of those links. Your data security could easily be dependent on some other organization’s due diligence.

As evidence, consider a 2017 study by the Audit Committee Leadership Network, which surveyed nearly 400 private and public organizations and found that two-thirds have 5,000-plus third party relationships. And for some organizations, those third party vendors can be the open back door for hackers wanting to gain entrance.

A recent example is Airbus SE, which announced in September that it has taken new steps to guard its systems against cyber-attacks through the computer systems of subcontractors. Earlier this year, hackers targeted two of the firm’s suppliers – Rolls-Royce Holdings Plc and Expleo – in attempts to infiltrate employee personal information at Airbus SE.

With cybersecurity threats and awareness both on the rise, information security pros are facing greater pressure to make all systems and networks even more secure, to compensate for any shortcomings on the part of suppliers and partners. And they’re most often being asked to do it with a shortage of resources and manpower. All of which makes a strong third party risk management program vital.

5 phases of a successful third-party risk management program

To continue reading this article register now

7 hot cybersecurity trends (and 2 going cold)