And let's face it, it has some selfishness, but of the kind that aims for everyone to be safer in order for us to be safer too, given that the more companies invest on cybersecurity, and the more the cybersecurity of the value chain is strengthened, all together, as an ecosystem, we will be safer.
Therefore, for those organizations that want to improve the security of their third parties, we recommend working on the following aspects:
1.- Involve all corporate stakeholders.
It is not possible to manage third party risk effectively and efficiently if all affected areas are not involved: Business, Procurement, Compliance, DPD, Risk and Cybersecurity.
2.- Design a holistic proces
Being in a weak position of defense means that the smallest loophole can generate a significant incident, so the process must address all relationships with third parties (not just suppliers).
3.- Integrate cybersecurity as another risk in the procurement process.
Cybersecurity must form part of the negotiation with the supplier itself to the same extent as the other components of the service.
4.- Identify and characterize the inventory of third-party services
What is not known cannot be protected. It is necessary to know how many services have been outsourced and how critical they are for our organization.
5.- Trust but verify
Questionnaires are not reliable and neither are management systems. It is necessary that the information is confirmed (better by the supplier itself and with an independent third party).
All you need is LEET
Suscribe to our newsletter here