Cybersecurity In-Depth: Feature articles on security strategy, latest trends, and people to know.
Fighting Third-Party Risk With Threat Intelligence
With every new third-party provider and partner, an organization's attack surface grows. How, then, do enterprises use threat intelligence to enhance their third-party risk management efforts?
July 24, 2024
The network of global supply chains means organizations are more interconnected than ever, which increases the potential for a data breach or other security incidents involving third-party suppliers and partners. Third-party vendors, especially those digitally connected to an organization, significantly increase their attack surface and open exposure to software supply chain risks, vulnerabilities, and malicious or negligent insiders.
According to Cyentia Institute, 98% of organizations have at least one third party that suffered a cybersecurity breach within the previous two years.
Organizations have increased their investments in third-party risk management (TPRM) programs to mitigate these risks. In its "2023 Global Third-Party Risk Management Survey," EY found that 90% of respondents were investing to improve their programs' effectiveness. In a recent Dark Reading report, "Managing Third-Party Risk Through Situational Awareness," experts outline how organizations can use threat intelligence to effectively manage third-party risk.
"Third-party risk management is such a big challenge for CISOs," says Rick Holland, VP CISO at security services provider ReliaQuest.
Experts say that the top drivers for TPRM investments are regulatory demands, increased remote work, and data privacy. Much of that investment is being used for threat intelligence programs. By harnessing threat intelligence from various sources, organizations can comprehensively understand the threat landscape and make informed decisions to manage third-party risks effectively.
Threat intelligence is found in many sources, such as open source intelligence, commercial threat intelligence providers, industry-specific information sharing and analysis centers, and internal security data. As applied to third parties, threat intelligence analysts incrementally add intelligence that could indicate that their third parties are either at risk of attack, under attack, or have recently been attacked. Such indicators include comments on Web forums and marketplaces, leaked data, credentials spilled on the Internet, and more.
Download the report to learn how to get started with threat intelligence. Organizations can better comprehend their threat landscape through such threat intelligence and make better-informed decisions to manage their risks. Learn how to collect and use threat intelligence to help reduce many risks associated with third parties.
About the Author
You May Also Like
Unleashing AI to Assess Cyber Security Risk
Nov 12, 2024Securing Tomorrow, Today: How to Navigate Zero Trust
Nov 13, 2024The State of Attack Surface Management (ASM), Featuring Forrester
Nov 15, 2024Applying the Principle of Least Privilege to the Cloud
Nov 18, 2024The Right Way to Use Artificial Intelligence and Machine Learning in Incident Response
Nov 20, 2024