Small can be ugly when it comes to third-party cybersecurity

No Comments
security flaw

Digital transformation initiatives often involve closer relationships with other businesses, but these can expose a company to additional risk if the other party's security isn't up to scratch.

New research from CyberGRX, based on data collected from the third parties on its exchange, finds that company size correlates with the maturity of cybersecurity programs, more specifically, as companies get smaller, they have fewer controls in place and less mature programs.

A recent Ponemon report says that 82 percent of organizations have experienced one or more data breaches caused by a third party, costing an average of $7.5 million to remediate.

When there are many third parties in an enterprise's vendor ecosystem, it becomes challenging -- but more important than ever -- to know each organization's control coverage. CyberGRX highlights four 'control groups' that need to be addressed:

  • Strategic controls that address cybersecurity and privacy policies, planning, and governance.
  • Operational controls that cover everyday security activities such as threat analysis, incident response, and vulnerability management.
  • Core controls made up of technical safeguards like data encryption, key management, and endpoint protection.
  • Management controls which focus on security-related processes or functions such as configuration and change management or third-party risk management.

The research shows that companies with revenues of $1M-$10M have lower coverage across all control groups, particularly in Core controls (82 percent) and Management controls (78 percent). This underlines the fact that doing complete due diligence on all vendors, regardless of size, is vital.

The report's authors conclude, "Just paying attention to surface-level cybersecurity data or performing outside-in scanning, for example, is only the tip of the iceberg. In order to get complete visibility into the cyber health of third parties, companies should know the maturity levels of the vendors' security programs. This is because having programs that are efficient, scalable, and adaptable means more security for your business as well."

You can read more about the findings on the CyberGRX blog.

Photo Credit: Den Rise/Shutterstock

No Comments

Comments are closed.

Got News? Contact Us

Recent Headlines

TEAMGROUP unveils MP44Q M.2 PCIe 4.0 SSD

Cyberwarfare incidents reported by almost half of UK firms

Ransomware, meet DRaaS: The future of disaster mitigation

Get 'Modern DevOps Practices -- Second Edition' (worth $39.99) for FREE

Number of ransomware victims up 20 percent in first quarter of 2024

Low-code tools boost developer productivity

Cisco warns of serious CLI command injection vulnerability in its Integrated Management Controller

Most Commented Stories

Say goodbye to Microsoft Windows 11 and hello to Nitrux Linux 3.4.0 'pl'

61 Comments

Windows 11 slammed for its 'comically bad' performance even on high-end hardware

18 Comments

Outrageous: Microsoft to charge $61 for Windows 10 updates -- consider switching to Linux!

17 Comments

Microsoft 'improves' Windows 11 by bringing ads to the Start menu in the US

16 Comments

Microsoft is up to its old tricks yet again -- Windows 10 users harassed with full-screen Windows 11 upgrade warnings

16 Comments

Easter giveaway! Get a licensed copy of 'VideoProc Converter for Windows/Mac' (worth $78.90) for FREE

10 Comments

EndeavourOS ARM discontinued: A huge loss for the Linux community

9 Comments

The stunning Windows 13 -- yes, 13! -- is the Microsoft operating system we want

8 Comments

© 1998-2024 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.