How Continuous Vendor Monitoring Can Prevent Service Interruptions

Noah Simon | July 20, 2018

On a Friday morning in October 2016, millions of people across North America attempted to visit popular websites including Spotify, Reddit, and the New York Times, only to find that they were inaccessible.

A number of services experienced hours of downtime that day, and it was all because of a cyber attack on a single DNS provider called Dyn. A series of DDoS attacks prevented Dyn from getting completely back online until later that evening.

In other words, a single point of failure caused hours-long operational interruptions for many of America’s most popular web services. The costs of these interruptions vary from business to business, but estimates indicate system outages like these end up resulting in $20,000-$100,000 in losses per business per hour.

Chain Reactions

Analysts like to write about the “interconnectedness” of modern business, but the Dyn cyber attack demonstrates an important fact they often omit: many businesses are connected to the same few cloud service providers.

These mutual connections — companies like web hosting platforms, DNS providers, and cloud-based productivity apps — are weak points in the larger business landscape. Because of their popularity, a well-aimed cyber attack, like the one at Dyn, can wreak havoc on the bottom lines of businesses of all kinds.

When it comes to preventing downtime, it’s not just direct business relationships that organizations have to worry about. Outages at fourth-party connections (your vendors’ vendors) could also have ripple effects that end up knocking your services offline.

For example, your organization might not rely on a particular cloud hosting platform, but it’s very possible that your IT ticketing system, your collaboration apps, or your password manager do. If these services go down, your business can’t operate as normal.

Making a Map

To solve this problem, CIOs, CISOs, and other risk and security professionals need a complete map of their vendor connections. Unfortunately, creating a map like this is easier said than done. Large enterprises could rely on hundreds of IT vendors, and each one of these vendors could have hundreds of connections as well.

By the time a vendor risk management team maps and analyzes all of these thousands of connections, the data they used to assess the relationships between them won’t necessarily be accurate. With cyber risk changing on a moment-by-moment basis, the gaps between assessments could present opportunities for cyber criminals to strike.

Luckily, there are services available that create these maps automatically and update them continuously. One such service is BitSight Discover.

Charting a Course

Once risk management teams are armed with a complete, up-to-date assessment of vendor connections, they can take a variety of steps to protect themselves from unexpected downtime (and all of the costs that come with it).

For example, risk professionals can assess their operational risk by determining how many critical vendors in their network rely on the same service providers. If 80% of your network relies on Google Apps for Business, then you can quickly understand the risk associated with potential failure of that service.
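The concentration check described above can be sketched in a few lines once a dependency map exists. This is an added example, not BitSight's code or method: the vendor names, the `DEPENDS_ON` map and the 50% threshold are constructed assumptions, and the walk follows indirect (fourth-party and deeper) dependencies as well as direct ones.

```python
from collections import defaultdict

# Constructed sample map: each service -> the providers it relies on directly.
DEPENDS_ON = {
    "ticketing-app": ["cloud-host-a", "dns-provider-x"],
    "collab-app": ["cloud-host-a"],
    "password-manager": ["cloud-host-b", "dns-provider-x"],
    "payroll-app": ["collab-app"],
    "crm-app": ["cloud-host-b"],
    "cloud-host-a": ["dns-provider-x"],
    "cloud-host-b": [],
    "dns-provider-x": [],
}
# Constructed list of the vendors the business cannot operate without.
CRITICAL = ["ticketing-app", "collab-app", "password-manager",
            "payroll-app", "crm-app"]

def transitive_providers(vendor, graph):
    """Every provider reachable from vendor (third, fourth, nth party)."""
    seen, stack = set(), list(graph.get(vendor, []))
    while stack:
        provider = stack.pop()
        if provider in seen or provider == vendor:  # tolerate cycles
            continue
        seen.add(provider)
        stack.extend(graph.get(provider, []))
    return seen

def concentration(critical, graph):
    """Map provider -> share of critical vendors that depend on it."""
    dependents = defaultdict(set)
    for vendor in critical:
        for provider in transitive_providers(vendor, graph):
            dependents[provider].add(vendor)
    return {p: len(v) / len(critical) for p, v in dependents.items()}

def single_points_of_failure(critical, graph, threshold=0.5):
    """Providers whose outage would hit at least `threshold` of critical vendors."""
    shares = concentration(critical, graph)
    hits = [(p, s) for p, s in shares.items() if s >= threshold]
    return sorted(hits, key=lambda item: (-item[1], item[0]))

if __name__ == "__main__":
    for provider, share in single_points_of_failure(CRITICAL, DEPENDS_ON):
        print(f"{provider}: {share:.0%} of critical vendors affected")
```

In this sample only two critical vendors use the DNS provider directly, yet 80% of them depend on it once the hosting platform's own dependency is followed.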

Equipped with this knowledge, risk professionals can also start conversations with executives and the Board about developing backup and contingency plans. In other words, you can see exactly which of your services would be affected in the event of a major outage, and have risk-informed conversations with your business partners about putting alternative options into place. That way, if a major cyber attack does take down a particular service that you or a third party rely on, you can maintain operations instead of being forced to shut down for hours or days.

With cyber attacks on the rise and businesses becoming more and more connected, the frequency of major outages is likely to increase. By establishing vendor risk programs and equipping teams with the tools they need to analyze vendor connections, organizations can protect themselves from the next historic outage.
