We’re running a blog post series on the “Seven Deadly Sins of Third-Party Cyber Risk Management”; here’s the last deadly sin: limiting vendor risk management to periodic assessments.
Did you miss the other installments? Get caught up here:
- Sixth Deadly Sin: Trusting but not verifying
Managing vendor cyber risk through periodic assessments alone is insufficient. A lot can happen between assessments, even when they are conducted annually. A vendor data breach could compromise your data without your knowledge, exposing you to regulatory penalties for delayed customer breach notification. Critical vulnerabilities in vendor environments could go unaddressed, leaving the operations and data that depend on those vendors open to compromise.
Innovative organizations have pioneered the use of continuous monitoring to efficiently maintain awareness of their third-party cyber risk exposure. The continuous monitoring capabilities provided by RiskRecon enable them to easily detect and investigate material degradations in vendor cyber risk posture in a timely manner. RiskRecon customers have invented additional uses of RiskRecon capabilities to better manage third-party risk. These include:
- Dangerous Condition Hunting – Companies use the search capabilities of RiskRecon to periodically report on, and act against, vendors that are operating software highly vulnerable to compromise, such as ancient versions of IIS, WordPress, and JBoss.
- Critical Vulnerability Triage – When a critical vulnerability is disclosed, such as one in Apache Struts, companies use RiskRecon to quickly identify which vendors and which vendor systems are exposed to it.
- Monitoring Vendors for Data Breach – Proactively hunting for breach notifications across hundreds of vendors can be unmanageable; RiskRecon alerts customers to vendor breaches.
Continuous assessment capabilities, such as those provided by RiskRecon, enable you to manage the cyber risk of your vendors on an ongoing basis, filling the gap between periodic assessments.