While this pandemic has caused a lot of angst and change in business, there are some lessons that can be learned from how we are trying to stop the spread of COVID-19. What we have learned is that the best way to stop the spread of this virus is through prevention methods—especially when you are interacting with other people. Good third party cyber risk management is similar—the goal is to prevent the spread of cyber attacks from other companies. So when you think about it, the prevention methods for COVID-19 can be a great metaphor for a cyber risk strategy.
- Wear a mask when you are in public. Just like you should wear a mask when you are interacting with the public during this pandemic, you should make sure that your third parties have a good “cyber security mask” for all of their public facing systems, applications and data. To do this you need to look for holes in that “cyber mask” before you interact with that partner. This can be costly and resource intensive, so an automated approach that tests for flaws in that “mask” from multiple angles, including passive data sources and active scanning, is your best approach to making sure your partners are protecting themselves from infection by covering their public facing systems.
- Practice social distancing. Maintaining six feet between yourself and others, especially those you do not need to engage with, has helped slow the spread of COVID-19. The principle is simple: stay away from people you don’t know and only get close to those you do. Applying this same principle to your third parties and their systems makes a lot of sense, but how can you determine what part of their cyber infrastructure you need to interact with and what parts you don’t? You need a cyber risk management platform that allows you to identify in-scope infrastructure. This means you only evaluate the systems and applications you need to work with and maintain “six feet of cyber distance” from those you don’t.
- Stay away from those who are ill. This is perhaps the most basic advice you can give, but the reality is that it can be difficult to know who is sick. Symptoms are often invisible to the naked eye, so how do you know? With the pandemic it means taking temperatures constantly and testing for the virus at critical times. These same methods can help your organization maintain healthy third party relationships with your vendors. By continuously monitoring your vendors' vital infrastructure through proactive approaches, you will know immediately if there is a new risk to your business. But just like with COVID-19, when someone is diagnosed with the disease, we don’t abandon them. Quite the contrary. We all work together to defeat the virus and bring that person back as a healthy part of society. When a third party has an issue you need to do the same: communicate the issues and work together to mitigate the risk to restore a healthy partnership.
Even though this pandemic has been horrific, there are lessons we can apply to our cyber risk strategy. Now the question is, how does my company’s third party cyber risk team do these things, especially with limited resources and shrinking budgets? The answer is that you need an automated approach, powered by a complete cyber risk management platform that offers all of these capabilities and more. FortifyData’s Cyber Risk Platform offers these features and is the only platform that provides:
- A comprehensive third party cyber risk scoring approach that combines passive data sources, active scanning of critical public facing infrastructure, OSINT data, a questionnaire-based assessment and even evaluation of internal systems at the third party, if desired, and that delivers the most accurate score in the industry.
- A configurable third party evaluation methodology that allows you to determine what assets are in-scope for your partnership and only focus your resources on monitoring those interactions.
- Continuous monitoring of all cyber security factors to immediately identify new risks to the business and allow your organization to communicate through the FortifyData platform to mitigate the risk and maintain the partnership.
Regardless of whether you use FortifyData, these lessons can help you maintain healthy third party cyber security. Some good should come from this pandemic, so maybe by using these pandemic prevention approaches you can save your business from a future cyber attack through a third party.