Insights blog.

There are layers of uncertainty plaguing security professionals when it comes to the time, money, and energy they spend focusing on their third-party risk management systems. Without the proper tools and analysis, it is hard to know if your program is effective.

Today’s businesses can’t succeed on their own, which is why they turn to third parties to grow and stay competitive. However, these partnerships can introduce unwanted cyber risk.

If you’re running a third-party risk management program, you’re probably no stranger to pressure. Between business owners demanding vendors be onboarded ever faster, to the ever present threat of a data breach, there is a lot to worry about. One of the biggest concerns in today’s security environment is the constantly evolving threat of a breach - especially with vendors.

From a security perspective, your work isn’t done when a new vendor signs on the dotted line. After the onboarding process is complete, you must implement continuous monitoring practices to ensure your new third-party maintains the desired security posture — and doesn’t expose your organization to unwanted risk.

According to an Opus and Ponemon Institute study, 59% of companies have experienced a data breach caused by one of their vendors or third parties — while only 16% claim they effectively mitigate third-party risks. Don’t be a part of these alarming statistics: In order to protect your organization’s valuable information, it’s critical that you set up the necessary security expectations from the onset of a new vendor relationship. Now, as an increasing percentage of businesses are moving to the remote office model, having these security conversations early on is even more critical — because residential IPs account for more than 90% of all observed malware infections and compromised systems.

When onboarding new vendors, it takes the median company an average of 90 days to complete due diligence — 20 days longer than it did four years ago, according to Gartner. In a competitive business climate where speed can be the difference between success and failure, a lengthy onboarding process undercuts your organization’s efforts at digital transformation and growth acceleration. And now, with as much as 75% of the workforce in some industries shifting to remote work due to the coronavirus outbreak, finding operational efficiencies in your onboarding process is more important than ever.

With as much as 75% of the workforce shifting to remote work in some industries, organizations around the world are seeking to rapidly acquire new software and technology to properly enable the business, facilitate the new needs of workers, and prevent employees from turning to unauthorized shadow IT.

Did you know that, according to an Opus and Ponemon Institute study, 59% of companies have experienced a data breach caused by one of their vendors or third parties? During these uncertain times, when many industries are shifting to an increasingly remote workforce, organizations may feel pressure to accommodate new business requirements by onboarding new technology faster. However, given the frightening implications of a potential breach — and the fact that phishing attacks and other cyber scams are on the rise due to the ongoing coronavirus pandemic — it’s more important than ever that you consider a potential vendor’s cybersecurity posture before you sign on the dotted line.

Third parties can play an essential role in your ability to grow your business and remain competitive. Of course, if you’re not careful, these trusted partnerships may introduce unwanted cyber risk into your organization. This is particularly true as more and more businesses are moving to mandated work-from-home models — because residential IPs account for more than 90% of all observed malware infections and compromised systems. With this widespread workforce shift, new vulnerabilities are being introduced both internally and within your third-party network, thereby increasing risk across your ecosystem as a whole.

In today’s ever-evolving, competitive business climate, organizations are partnering with more and more vendors to ensure they’re as agile, flexible, and efficient as possible. Now, at a time when as much as 75% of the workforce is shifting to remote work in some industries, this is more true than ever — with organizations seeking to rapidly acquire new software and technology to help accommodate new business requirements.

Over recent weeks, the ongoing spread of the COVID-19 coronavirus has forced companies around the country to make difficult decisions about how they can do their part to protect their employees — as well as their communities as a whole.

The Department of Defense (DoD) has one of the largest supply chains in the world, scaling to hundreds of thousands of different vendors and partners. Yet, these vital partners in our nation’s defense infrastructure pose a huge cyber risk.

Cyber hackers are an opportune group of people, hunting like predators and shifting their approach as needed. And now, they’re leveraging the concern and — in some cases — hysteria about the coronavirus outbreak to advance their nefarious objectives.

Earlier this month, ZDNet broke the news that the FBI had sent a cybersecurity alert to the U.S. private sector warning of an ongoing hacking campaign against supply chain software providers. According to the FBI, hackers are attempting to infect upstream companies — particularly those in the energy sector — with the Kwampirs malware, a remote access trojan (RAT).

Back in 1990, Hollywood producers imagined a complex plot in which an army of mercenaries with malicious intent hack into and take over the air traffic control system at Washington Dulles International Airport. The result was the classic movie, Die Hard 2.