The IT market is constantly reacting to global influences. As a result, organizations and their vendors must be able to adapt their security plans to accommodate risks on an unprecedented level. When an unexpected security incident happens to a vendor, organizations need to adapt quickly to new priorities to ensure continued long-term business success. To help organizations identify and quantify the potential risks caused by vendors, global IT research and advisory firm Info-Tech Research Group has published a new research-backed blueprint, Identify and Manage Security Risk Impacts on Your Organization.
“We are inundated with a barrage of news about security incidents daily. It’s easy to forget that there are ways to help prevent such things from happening,“ says Frank Sewell, advisory director at Info-Tech Research Group. “Most people are aware of defense strategies that help keep their organization safe from direct attack and inside threats. Likewise, they expect their trusted partners to perform the same diligence. Unfortunately, as more organizations use cloud service vendors, the risks with third-party vendors are increasing.“
The newly published research explains that identifying and managing a vendor’s potential security risk impacts on an organization requires multiple people across several functions, all requiring coaching on the possible changes in the market and how these changes could introduce new risks. The firm’s research also shows that organizational leadership is often taken unaware during crises, and their plans lack the flexibility needed to adjust to significant market upheavals and surprise incidents.
“Over the last few years, organizations have learned the harsh lesson that downstream attacks affect more businesses than we ever expected as suppliers, manufacturers of base goods and materials, and rising transportation costs affect the global economy,” explains Sewell.
Info-Tech recommends that vendor management practices can educate organizations on the potential risks from vendors in the market and suggest creative and alternative ways to avoid and manage them. The firm outlines the following approach to identify and manage vendor risks:
- Prioritize and classify vendors with quantifiable, standardized rankings.
- Prioritize focus on high-risk vendors.
- Standardize processes for identifying and monitoring vendor risks to manage potential impacts.
The research also explains that there are many individual components of vendor risk beyond cybersecurity, including:
- Regulatory and Compliance
The firm cautions that it is not enough to solely assess and monitor direct vendors. Many incidents come from third-party vendors with poorly mapped relationships to an organization. Info-Tech advises in the new resource that organizations completely understand their vendor landscape in order to avoid costly security incidents.
To learn more about the individual components of vendor risk and how vendor management practices can facilitate an understanding of them, download the Identify and Manage Security Risk Impacts on Your Organization blueprint.
[To share your insights with us, please write to email@example.com]