Matan Or-El (Matan@panorays.com) is co-founder and CEO of Panorays in New York City.
In 2018, we saw the hacking of major retailers, such as Ticketmaster, Feedify, and British Airways, which occurred when the notorious cybercriminal Magecart group breached a company that provided web applications. In another security incident, more than 2.65 million Atrium Health patients’ data was breached through a third-party billing vendor, AccuDoc Solutions. Third-party security is clearly becoming an increasingly pressing concern for organizations.
A recent study by the Ponemon Institute found that 61% of US respondents reported that their organization experienced a data breach caused by one of their third parties, compared to 49% in 2016 and 56% in 2017. With an increase in the number of third parties hired by organizations, sophisticated hacking techniques, and more data privacy laws, the implications of third-party risk will likely become even more serious.
Automation: Key for third-party security management
Typically, auditing in the form of questionnaires is an essential part of third-party security management. These audits are conducted using spreadsheets, resulting in an arduous, time-consuming, and expensive process. Worse yet, these audits only reflect the point in time that they were performed, and thus become outdated almost immediately.
Organizations looking to accelerate their business must develop effective strategies for evaluating third-party cyber risk. How can they achieve this? By automating the process.