Managing third-party risk in a connected world

Recent world events have accelerated digital transformation programmes in organisations of all sizes and sectors. As businesses create more connected products, integrate new technologies or enter new partnerships, they need to ensure they are not exposing their data and systems or their clients’ data to cyber risks, says Paul Kenealy, co-founder & managing director at Threat Essentials.

These threats are only set to grow: Internet of Things (IoT) connected devices will amount to 30.9 billion units worldwide by 2050, over four times the world’s current population, according to research from Statista. And the risk does not come only through an organisation’s own systems. Third-party suppliers of software, programmes and networks are equally at risk, adding to the attack surface, and the opportunity for attack, of each user regardless of size.

How many organisations are left vulnerable in this way is not fully known, but the problem should not be underestimated. So-called ‘third-party risk management’ is a major new cybersecurity issue that few are aware of or understand.

Here, Paul Kenealy, co-founder & managing director at Threat Essentials, explains how managing third-party cyber risk through a robust threat intelligence approach not only reduces risk but creates new strategic advantage too.

The rising cyber security threats in a connected world

As the world becomes more connected, third-party relationships are becoming more common; a recent Gartner report suggests that the median organisation contracts with as many as 5,000 third parties. The more third-party relationships that businesses have, the more susceptible they are to hacks and ransomware incidents, making third-party risk management more important than ever.

Ultimately, it’s not just data that is at risk, as cyber breaches can result in large pay-outs for organisations no matter how big or small, in addition to damaging their reputation. A recent survey by the Ponemon Institute found that 53% of organisations have experienced a data breach as a result of a third party, with each breach costing an average of US$7.5 million (€6.30 million), as reported by Security Boulevard.

The high number of cyber breaches from the supply chain suggests that many businesses do not have the tools, resources or knowledge to protect themselves from attacks. This is backed by research from Ponemon Sullivan that shows there is a significant gap between the monitoring of IoT devices in the workplace and the IoT of third parties.

Recent high-profile third-party hacks include Canada Post, which allegedly experienced a third-party data breach through their supplier, Commport Communications, showing that third-party cyber risks are becoming a trending modus operandi for threat actors. They are seeking to exploit the weakest link in a supply chain, targeting organisations that hold a significant amount of digital data to ensure they pay ransomware charges to prevent data from being made available on the dark web.

The key take-away? Organisations must ensure they know which third parties can access their systems to prevent future attacks. Third-party risk management solutions scan vendors and evaluate their cyber risk level, delineating where they fall short and allowing them to remediate their shortcomings.

With a third-party risk management solution in place, organisations can share with their vendors the standard of cyber security expected from them, including assurance for IoT security. This not only assures their own cyber security, minimising the avoidable costs of ransomware, but also lets organisations position themselves as cyber-safe partners.

Understanding your cyber threat intelligence

The first step to understanding your cyber threat intelligence is to level up your knowledge of the current landscape and the dangers in the supply chain, particularly at the C-suite level and among company decision-makers. It is also important for companies to know who is assigned responsibility for the security of the organisation’s IoT devices, and for performing risk assessments and control validation techniques.

According to a 2020 study by BlueVoyant, 29% of CIOs, CISOs and chief procurement officers surveyed said that they had no way of knowing if a cyber risk emerges in a third-party vendor. However, attitudes towards cyber risk management are changing, with companies moving it higher up their list of priorities. In the same study, 81% of respondents said that their budget for risk management had increased by an average of 40%.

This shows that C-suites are becoming more aware of the need to protect their digital assets in the current context, where connected technologies are becoming a norm to facilitate business processes but also a risk to the overall integrity of their organisations.

Unlock your cyber risk management potential

The increased demand for IoT devices means that organisations need more advanced technological solutions that leverage data to help identify threats and minimise the likelihood of an attack. Current solutions can ensure that third parties have declared all of their past incidents to reduce the attack surface and verify that their devices and networks are protected, increasing trust in partners.

Third-party risk management can also present a range of additional benefits for organisations. Scanning the cyber hygiene of clients will become the industry standard, so companies should begin increasing their security for a competitive advantage.

As more regulation is enforced, organisations should attempt to stay ahead of the trends to keep their reputation, relationships, devices and data safe from harm. 

The author is Paul Kenealy, managing director at Threat Essentials.
