Story image

Third party risks ‘a serious risk’

04 May 2016

Article by Narinder Purba, senior editor at ESET

Third party risks to organisations has been described as a “serious threat”, a new study by the Ponemon Institute and Shared Assessments as revealed.

The report, titled Tone at the Top and Third Party Risk, also found that most respondents believe that this particular threat is on the rise.

The main reason for this is down to “disruptive technologies”, the authors of the report were told.

Organsations said that they consider the widespread take-up of cloud-based services and the Internet of Things to increases third party risks.

“The threat landscape is constantly evolving, and as a result, third party risk is only going to increase,” commented Dr. Larry Ponemon, chairman and founder of the Ponemon Institute.

“It has become imperative for organisations to create formal programs for vendor risk management in order to avoid being compromised, and more importantly, business leaders need to set a strong example.”

The paper also found that a major problem within enterprises in this key area is that accountability appears to be lacking any direct responsibility.

Consequently, not having single individual or department in charge of managing third party risk leaves organisations more vulnerable to threats.

The authors of the report recommend that those in positions of authority within an enterprise should set a “positive tone” when it comes to third party risk mitigation.

Advantages of this approach include boosting awareness among third party vendors of the need for good cybersecurity policies, such as data protection.

Charlie Miller, senior vice president with the Shared Assessments Program, said: “The highest level of organisations, the board and C-Suite, need to better communicate their values across the enterprise, setting a positive tone and creating formal programs to mitigate this risk, ultimately helping companies to improve their risk management practices.”

Machine learning is a tool and the bad guys are using it
KPMG NZ’s CIO and ESET’s CTO spoke at a recent cybersecurity conference about how machine learning and data analytics are not to be feared, but used.
Seagate: Data trends, opportunities, and challenges at the edge
The development of edge technology and the rise of big data have brought many opportunities for data infrastructure companies to the fore.
Popular Android apps track users and violate Google's policies
Google has reportedly taken action against some of the violators.
How blockchain could help stop video piracy in its tracks
An Australian video tech firm has successfully tested a blockchain trial that could end up being a welcome relief for video creators and the fight against video piracy.
IBM X-Force Red & Qualys introduce automated patching
IBM X-Force Red and Qualys are declaring a war on unpatched systems, and they believe automation is the answer.
Micro Focus acquires Interset to improve predictive analytics
Interset utilises user and entity behavioural analytics (UEBA) and machine learning to give security professionals what they need to execute threat detection analysis.
Raising the stakes: McAfee’s predictions for cybersecurity
Security teams and solutions will have to contend with synergistic threats, increasingly backed by artificial intelligence to avoid detection.
Exclusive: Ping Identity on security risk mitigation
“Effective security controls are measured and defined by the direct mitigation of inherent and residual risk.”