Welcome to Cyber Security Awareness Month!
News and information from the Advent IM team.
- by Ellie Hurst
- Advent IM Blog General
You may have thought that October was all about Halloween and of course, it is, but it’s also the month of Cyber Security Awareness and where would we be without this month to share good practices, warn of bad practices and make helpful suggestions for how to improve things. At least that’s how we roll at Advent.
Third-party breach is all too common. 2022 has seen a variety of breaches caused by third parties and previous research by the Ponemon Institute tells us that Fifty-nine percent of respondents confirm that their organizations experienced a data breach caused by one of their third parties and 42 percent of respondents say they had such a data breach in the past 12 months. Additionally, 22 percent of respondents don’t know if they had a third-party data breach in the past 12 months.
Only 29 percent of respondents say a third party would contact them about the data breach.
A very small percentage (12 percent) are confident they would learn that their sensitive data was lost or stolen by an Nth vendor. Many organisations find the complexity in third-party relationships is a barrier to creating a comprehensive inventory of third parties, which is a basic requirement to manage this kind of risk but more than half do not monitor the security or privacy practices of the vendors with whom they share sensitive or confidential information. Of course, if you do not know who all of them are, it would be impossible to do. When you consider so few have this inventory, you start to see why there is such a growth in the number of this kind of breach. Add to that such a small number (15%) being confident in knowing if their information is being accessed or processed by further parties with whom they have no relationship and we can see… Despite the risk, the management of outsourced relationships is not a priority.
So, as we are in Cyber Security Awareness Month we cannot let the chance pass by to remind you that managing your supply chain relationships and their security status MUST take priority.
It is the elephant in the room and scope creep when it comes to third parties is rampant. Many organisations have lost track of the access or data shared with their first-degree contacts, let alone have their arms around any forward sharing that may be occurring. As control slips out of our arms the risk increases and so finding a way to assess and triage risky partners quickly is key. An up-to-date Information Asset register, build an inventory of suppliers, and start to consider the relationships you have and what information assets you are sharing. This will be hugely valuable and enable you to start and prioritize which relationships need the most attention, and which relationships need to be reviewed or audited most regularly Then you can start to build your program of activity. It is highly likely you will need help to do this but given the state of third-party breaches and incidents, it is surely clear that it will help support your organisational security resilience.
If you do need help with your information asset register or you want to find out about third-party assurance you can visit our website or drop us an email or call us.
Keep watching for more content throughout October and don’t forget to check out our other videos.
Please like and subscribe so we can continue to make helpful content.