 |
Organizations are increasingly relying on third parties such as vendors, suppliers, contractors, and partners, and cyber-criminals are targeting these relationships to gain access to the organizations themselves. Enterprises are deepening their technical relationships with these partners, suppliers, and providers as part of their shift to digitally transform their businesses and supply chains. As a result, organizations need to assess the risk of working with these partners and maintaining an accurate picture of their security posture, experts say. While third-party risk management programs historically relied on questionnaires and high-level monitoring and planning, experts say organizations can use threat intelligence to validate security controls and assess security posture. The report discusses the various steps of a continuous third-party intelligence lifecycle: Data collection, Data classification, Data storage, Data analysis, reporting, dissemination, continuous monitoring, data governance, and choosing the right technology stack. The report also includes information about how attackers breached a third-party cloud provider to compromise Uber’s systems, details of the investigation in how Lapsus$ compromised Okta, and how organizations need to improve their third-party risk management practices if they are going to move to zero-trust access. |
