News outlets are wrought with stories of breaches, and no signs of this easing up are anywhere to be found. With attackers becoming more sophisticated by the day, it often feels like a daunting battle to keep our information safe. Despite organizations putting lots of dollars and bandwidth towards their information security efforts, sometimes it still feels like the popular quote from the show Cheers: “It’s a dog-eat-dog world, and I’m wearing Milkbone underwear.” One of the most pervasive and overwhelming problems facing businesses today is how to limit and reduce risk introduced into your company by the vendors you do business with. In fact, in today’s information landscape, nearly two-thirds of all breaches stem from third-party risks.
No one is immune to it. Routinely, we see world-class enterprises breached by a vendor who is not as diligent as they should be about protecting the information they access. This lack of diligence (or that of the organization in vetting their vendors) poses incredible risk for any company that belongs in their vendor matrix.
Perhaps the best-known instance of this is the Target breach of 2013. The breach happened because of an HVAC vendor who fell prey to a phishing attack. The hackers gained access to Target’s information through the network connection the vendor had. The attack design was brilliant, and the results were disastrous, costly, and well publicized.
No doubt Target has taken serious steps forward to ensure that the vendors they have are adequately protecting the information they have access to. But for many, third-party risk management is not even yet a blip on their organization’s security radar. If you’re like these organizations, you likely haven’t even begun thinking about how to handle the risk of your vendors, or you understand it’s important but don’t quite have an idea how to get started tackling it.
If this describes you, please join us for the spring 2019 installment of our Hacks & Hops event series. FRSecure’s CEO, Evan Francen, will be joined by a panel of industry experts who will all discuss the topic of third-party risk management in digestible terms. The event is aimed at offering tips that you can use to start managing the risk you assume when working with third parties.
DEFEND! Step Up Your Data Security Defenses Against Third-Party Risks will take place on March 28,
For more information and to register online, please visit our Eventbrite page.