The SolarWinds hack is a strong reminder why third-party risk management is so important. Not only was SolarWinds breached, but the hack is now believed to have affected upward of 250 federal agencies and businesses. Here, we speak to Jonathan Ehret, Vice President of Strategy & Risk at RiskRecon, who believes organizations should be asking their vendors about the third-party risk management and cybersecurity policies they have in place to protect against a breach and leak of critical data.
While providing access for third-party, non-employees is critical to meeting business objectives, it oftentimes has the unintended consequence of exponentially increasing an organization’s attack surface. With the proper identity-proofing practices and capabilities in place, organizations can verify the identities of their users, support risk management initiatives and better protect critical assets – eliminating the third-party risk management blind spots.
Outsourcing by companies has been an area of growth for many years, and the trend does not seem to be slowing down. For example, Gartner is forecasting a 17 percent growth in public cloud use worldwide in 2019. Leading the way is infrastructure-as-a-service or (IaaS) with an expected 27 percent growth alone.
A company is never able to predict when or by what means it may be targeted in a cyberattack, but it can prepare a robust response plan in the event of a breach. That response – contingent on the team, corporate processes and the technology that supports them – will ultimately determine whether a company ends up on the front page of The New York Times next to Equifax with its clients’ information on the Dark Web.
