A recent assessment of the approach being taken by businesses to managing external threats to cybersecurity was a tale of two paths – the right one to take, and the one most are currently on.
Prevalent today released its report on third-party risk management, defined as how organizations defend against possible threats to internal data from supply-chain and other outside parties they do business with that might have privileged access.
"This year’s study shows that third-party risk management is at a crossroads, demonstrating that companies have a choice of two paths to take – the existing path and the better path," said Prevalent.
As an example of this, it praised the fact that organizations appear to be taking a more strategic approach to containing potential threats from outside parties, but said that more still needed to be done.
"Organizations should work to eliminate stubborn manual methods for assessing third parties that make audits more complex and time-consuming," it said, adding that 45% of firms still use spreadsheets, resulting in a third needing a month or more to produce sound audits of firms they do business with.
Moreover, it had taken catastrophic cyber incidents, such as last year’s Log4J attacks and Toyota’s supply-chain breakdown after an apparent cyberattack in March, to spur businesses to take cybersecurity strategy more seriously – and despite this shift, many still remained remarkably unconcerned about external risks to their data. One in eight organizations said they did not monitor for third-party breaches, and one in twelve admitted to having no incident response program in place.
As a result of this laxity, such organizations took an average of two-and-a-half weeks to respond to breaches that did occur, "a lifetime for an organization to be vulnerable to a potential exploit," according to the report, which added: "Good luck when the next SolarWinds hits."
Poor cybersecurity when dealing with third-party vendors was also found to have contributed to the problem, with seven in ten businesses suffering an outright breach or related incident as a result of slacking off in this area.
In light of the report’s findings, Prevalent is urging organizations to centrally manage vendors they do business with on a single platform, keep tabs on suppliers’ use of technology, and consolidate track records of cybersecurity and other related areas of risk to allow for more integrated assessments of third parties.
Full article here: https://cybernews.com/security/firms-not-taking-data-threats-seriously-enough/