After large breaches at Home Depot, Capital One, Equifax, Best Buy and many other big names, CISOs, cybersecurity professionals and business leaders have spent countless hours and money upgrading their cybersecurity internally: Data Loss Prevention, Cloud Access Security Broker, Intrusion Detection/Prevention, Zero Trust, Privileged Access Manager, and countless other projects and systems. And yet the breaches continue to grow. The reason is akin to your home security. You spend thousands of dollars on alarms, bars on the windows, security cameras, and high-tech door locks. However, you don’t really vet the workers who come in the side door, and your house is in a neighborhood with high crime. Companies rely heavily on vendors in today’s business world, and looking at your own security must include the security of your third parties: your customer data resides with them.
The reader of this book will learn how to create a third-party risk program with cybersecurity at the lead, greatly lowering the risk of a breach from a third party, and how to grow that program's maturity so that it moves from being reactive to predictive.
In this article, Greg describes the risks of third-party software and offers solutions to lower that risk by testing it, whether on-premises or in the cloud.
In this article, Greg writes about how to move from a reactive program to one that is more predictive and actively reduces risk. Please check out the article on the CISO Mag website:
CISO Magazine Online: https://cisomag.eccouncil.org/third-pa