
Mitigating Risk With Threat Intelligence

Dark Reading's latest special report looks at a missing, but necessary, ingredient to effective third-party risk management.


When it comes to enterprise risk, third-party cybersecurity risks have increased substantially in recent years. By implementing an effective third-party risk management program, organizations can mitigate much of their risk and better protect themselves from attacks that emanate from third parties. The key word here is "effective."

Dark Reading's latest special report, "How to Use Threat Intelligence to Mitigate Third-Party Risk," digs into how threat intelligence can be implemented to attain a continuous risk assessment on partners, suppliers, vendors, contractors, and other third parties.

Third-party threat intelligence helps security teams move beyond capturing a point-in-time view of security and regulatory compliance maturity and more accurately assess the risk over time. The convergence of threat intelligence and third-party risk management (TPRM) programs can ensure that third parties don't drastically increase the risk of data breaches or other cybersecurity events and, should such an incident occur, can help to minimize its impact.

How TPRM Is Changing

Historically, if TPRM was done at all, effective programs included identifying, categorizing, and assessing the risk of third parties, along with due-diligence questionnaires designed to gauge the maturity of their security and regulatory compliance program. Additionally, an enterprise would conduct a thorough independent investigation of vendors before signing any contract. Finally, the organization would include new partners and suppliers in its incident response planning so as to minimize any incident's impact.

"Organizations can send questionnaires, and they're going to provide some indication of the policies they have in place and their certifications," says Alla Valente, senior research analyst at Forrester, who covers governance, risk, and compliance (GRC), third-party risk, and supply chain risk. "But that doesn't tell you everything happening inside their networks or systems. It also doesn't provide answers about broader risks, such as geography or if nation-states are targeting that vertical. These are all things you want to identify."

While there is scant data on how enterprises use TPRM threat intelligence to improve their third-party risk management, TPRM programs are gaining steam. In Prevalent's "2022 Third-Party Risk Management Industry Study," two-thirds of respondents reported that their TPRM programs have more visibility among executives and the board than the year before.

Read Dark Reading's "How to Use Threat Intelligence to Mitigate Third-Party Risk" for ideas on reducing third-party risks for your organization by leveraging threat intelligence.

About the Author(s)

George V. Hulme, Contributing Writer

An award-winning writer and journalist, George Hulme has written about business, technology, and IT security topics for more than 20 years. He currently freelances for a wide range of publications and is a security blogger at InformationWeek.com.
