
Third-Party Security: How To Successfully Monitor For Potential Breaches

Melissa Stevens | June 2, 2016

Recently, BitSight commissioned Forrester Consulting to examine the practices of IT decision-makers as they relate to monitoring and managing third-party risk. From the survey, we learned that 59% of IT decision-makers indicated a desire to track and monitor third-party security—but only 22% were tracking with monthly, weekly, daily, or real-time frequency.

So while many professionals want to monitor the security of their vendors, fewer than a quarter of them do so with any regularity. If you are interested in monitoring your third parties more regularly for potential breaches but don’t know how, we’ve laid out four ways you can get started today.

1. Make sure you (or your employees) have the bandwidth.

Simply put, you cannot improve your third-party security and effectively monitor for potential breaches without having the employee bandwidth to do so. If you have an excellent cybersecurity monitoring tool—which we’ll discuss next—you’ll likely only need one employee who has access to alerts about security posture changes. This individual can then pass on any updates to the necessary parties.

If you don’t have the capacity for a monitoring tool or system, you’ll likely need several employees who are working through the monitoring of your vendors. Consider how many vendors you need to monitor and the frequency you’d like to monitor them. Talking to and filling out spreadsheets for each vendor every week could be a serious time constraint.

2. Choose a tool that allows for continuous monitoring.

As previously mentioned, having the right third-party security tool makes all the difference. If you can find a system or security tool that enables you to monitor your third parties in real time—or at least daily—that’s ideal. Real-time monitoring is what you need to keep up with today’s cyberthreats.

BitSight, for example, allows you to monitor your vendors’ security ratings, which gives you a good indication of their overall security posture. If that number changes—for better or for worse—you’ll have a good sense of whether or not your third parties are putting adequate controls in place to protect your data and improve their security.

3. Monitor large attack vectors.

Another important variable of third-party security is identifying any imminent threats or areas of weakness. One area to pay close attention to is how well your vendors and suppliers are doing with mitigating the risk of high-profile SSL vulnerabilities like POODLE, FREAK, and Heartbleed. These have all been around for a while now, so there’s no reason that they shouldn’t be patched.

4. Lower event remediation times.

In order to lower event remediation times, you first need to set a baseline. To do so, you’ll want to determine how many vulnerabilities your vendors have in their systems that are yet to be patched—and then determine how quickly they’re able to patch or remediate them.

To understand the importance of patching cadence, consider how critical it is when installing new software. When a new update comes out for a system you already have in place, it likely has bugs or vulnerabilities that will be found after deployment. Patches for these vulnerabilities become available regularly, but they don’t do any good unless they’re applied right away. This is critical for your third-party security.
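One way to compute the baseline described in step 4, as an added example that is not part of the original post or of any BitSight product: the finding records, vendor names and the 30-day threshold are constructed assumptions.

```python
from datetime import date
from statistics import median

# Constructed sample data: (vendor, finding, first_seen, remediated_on or None).
FINDINGS = [
    ("vendor-a", "Heartbleed", date(2016, 1, 4), date(2016, 1, 9)),
    ("vendor-a", "POODLE",     date(2016, 1, 4), date(2016, 2, 3)),
    ("vendor-a", "FREAK",      date(2016, 3, 1), None),
    ("vendor-b", "POODLE",     date(2016, 2, 1), date(2016, 2, 4)),
    ("vendor-b", "Heartbleed", date(2016, 2, 1), date(2016, 2, 8)),
]

def baseline(findings, as_of, max_open_days=30):
    """Per-vendor patching baseline as seen on the date `as_of`.

    The median covers closed findings only, so it looks better than reality
    when slow fixes are still open. The open count and the overdue list are
    reported next to it for that reason.
    """
    report = {}
    for vendor, name, first_seen, fixed_on in findings:
        if first_seen > as_of:
            continue  # not yet observed on the baseline date
        entry = report.setdefault(
            vendor, {"open": 0, "overdue": [], "closed_days": []})
        if fixed_on is not None and fixed_on <= as_of:
            entry["closed_days"].append((fixed_on - first_seen).days)
        else:
            entry["open"] += 1
            age = (as_of - first_seen).days
            if age > max_open_days:  # assumed policy threshold
                entry["overdue"].append((name, age))
    for entry in report.values():
        days = entry.pop("closed_days")
        entry["median_days_to_fix"] = median(days) if days else None
    return report

if __name__ == "__main__":
    for vendor, stats in sorted(baseline(FINDINGS, date(2016, 4, 15)).items()):
        print(vendor, stats)
```

Running the same function on a later `as_of` date shows whether a vendor's open count and median time to fix are moving down from the baseline.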

Free White Paper: Monitoring Your Third-Party Security

IT professionals today are more aware of vendor relationships and how important it is to monitor these third parties. But doing so can be difficult—particularly when you’re trying to quantify their security performance quickly and effectively.

If you want a deeper look into the problems IT professionals are facing with third parties today and how third-party monitoring can dramatically improve vendor security, download this free white paper today.
