It is an unfortunate truth that organizations are only as secure as their least secure third-party vendor. This reality has recently been brought to the forefront.
Granting access to a third party broadens an organization’s cyber-risk landscape. Therefore, these relationships should be frequently assessed.
Consider, for example, the SolarWinds breach that compromised the data of major government entities and Fortune 500 companies.
Consider also the 2014 Target breach, in which a compromised third-party vendor led to millions of customers’ personal information being leaked.
The potential risks associated with outsourcing, external data housing, and supply chains may be impossible to completely eliminate, but it is important to consider third-party risk management as a component of overall security posture.