Managing third-party risk in a connected world

Recent world events have accelerated digital transformation programmes in organisations of all sizes and sectors. As businesses create more connected products, integrate new technologies or enter new partnerships, they need to ensure they are not exposing their data and systems or their clients’ data to cyber risks, says Paul Kenealy, co-founder & managing director at Threat Essentials.

These threats are only set to grow as the Internet of Things (IoT) connected devices will amount to 30.9 billion units worldwide by 2050, over four times the world’s current population, according to research from Statista. And it is not just through an organisation’s own systems. Third-party suppliers of software, programmes and networks are equally at risk, adding to the attack surface and opportunity of each user regardless of size.

How many organisations are left vulnerable in this way is not fully known, but the problem cannot be under-estimated. So-called ‘third-party risk management’ is the new cybersecurity issue of magnitude that few are aware of and understand.

Here, Paul Kenealy, co-founder & managing director at Threat Essentials explains how managing third-party cyber risk from a robust threat intelligence approach not only reduces risk but creates new strategic advantage too.

The rising cyber security threats in a connected world

As the world becomes more connected, third-party relationships are becoming more common; a recent Gartner report suggests that the median organisation contracts with as many as 5,000 third parties. The more third-party relationships that businesses have, the more susceptible they are to hacks and ransomware incidents making third-party risk management more important than ever.

Ultimately, it’s not just data that is at risk, as cyber breaches can result in large pay-outs for organisations no matter how big or small, in addition to damaging their reputation. A recent survey by the Ponemon Institute found that 53% of organisations have experienced a data breach as a result of a third party, with each breach costing an average of US$7.5 million (€6.30 million), as reported by Security Boulevard.

Paul Kenealy

The high number of cyber breaches from the supply chain suggests that many businesses do not have the tools, resources or knowledge to protect themselves from attacks. This is backed by research from Ponemon Sullivan that shows there is a significant gap between the monitoring of IoT devices in the workplace and the IoT of third parties.

Recent high-profile third-party hacks include Canada Post, which allegedly experienced a third-party data breach through their supplier, Commport Communications, showing that third-party cyber risks are becoming a trending modus operandi for threat actors. They are seeking to exploit the weakest link in a supply chain, targeting organisations that hold a significant amount of digital data to ensure they pay ransomware charges to prevent data from being made available on the dark web.

The key take-away? Organisations must ensure they know which third parties can access their systems to prevent future attacks. Third-party risk management solutions scan vendors and evaluate their cyber risk level, delineating where they fall short and allowing them to remediate their shortcomings.

With a third-party risk management solution in place, organisations can share with their vendors a standard of cyber security expected from them, including assurance for IoT security. This assures not only their own cyber security, minimising avoidable costs of ransomware, but organisations can also position themselves as cyber-safe partners.

Understanding your cyber threat intelligence

The first step to understanding your cyber threat intelligence is to level up your knowledge of the current landscape and the dangers in the supply chain, particularly in the C-suite levels of businesses and company decision-makers. It is also important for companies to know who is assigned responsibility for the security of the organisations’ IoT devices, performing risk assessments and control validation techniques.

According to a 2020 study by BlueVoyant, 29% of CIOs, CISOs and chief procurement officers surveyed said that they had no way of knowing if a cyber risk emerges in a third-party vendor. However, attitudes towards cyber risk management are changing, with companies putting it higher on their top priorities. In the same study, 81% of respondents said that their budget for risk management had increased by an average of 40%.

This shows that C-suites are becoming more aware of the need to protect their digital assets in the current context, where connected technologies are becoming a norm to facilitate business processes but also a risk to the overall integrity of their organisations.

Unlock your cyber risk management potential

The increased demand for IoT devices means that organisations need more advanced technological solutions that leverage data to help identify threats and minimise the likelihood of an attack. Current solutions can ensure that third parties have declared all of their past incidents to reduce the attack surface and verify that their devices and networks are protected, increasing trust in partners.

Third-party risk management can also present a range of additional benefits for organisations. Scanning the cyber hygiene of clients will become the industry standard, so companies should begin increasing their security for a competitive advantage.

As more regulation is enforced, organisations should attempt to stay ahead of the trends to keep their reputation, relationships, devices and data safe from harm. 

The author is Paul Kenealy, managing director at Threat Essentials.

Comment on this article below or via Twitter: @IoTNow_OR @jcIoTnow


Aeris to acquire IoT business from Ericsson

Posted on: December 8, 2022

Ericsson and Aeris Communications, a provider of Internet of Things (IoT) solutions based in San Jose, California, have signed an agreement for the transfer of Ericsson’s IoT Accelerator and Connected Vehicle Cloud businesses.

Read more

Telenor IoT passes milestone of 20mn SIM cards

Posted on: December 8, 2022

Telenor, the global IoT provider and telecom operator, has experienced rapid growth over the last years and ranks among the top 3 IoT operators in Europe and among the top IoT operators in the world. The positive development is due to an accelerated pace of new customers combined with a successful growth of existing customers’

Read more

The IoT Adoption Boom – Everything You Need to Know

Posted on: September 28, 2022

In an age when we seem to go through technology boom after technology boom, it’s hard to imagine one sticking out. However, IoT adoption, or the Internet of Things adoption, is leading the charge to dominate the next decade’s discussion around business IT. Below, we’ll discuss the current boom, what’s driving it, where it’s going,

Read more

9 IoT applications that will change everything

Posted on: September 1, 2021

Whether you are a future-minded CEO, tech-driven CEO or IT leader, you’ve come across the term IoT before. It’s often used alongside superlatives regarding how it will revolutionize the way you work, play, and live. But is it just another buzzword, or is it the as-promised technological holy grail? The truth is that Internet of

Read more

Which IoT Platform 2021? IoT Now Enterprise Buyers’ Guide

Posted on: August 30, 2021

There are several different parts in a complete IoT solution, all of which must work together to get the result needed, write IoT Now Enterprise Buyers’ Guide – Which IoT Platform 2021? authors Robin Duke-Woolley, the CEO and Bill Ingle, a senior analyst, at Beecham Research. Figure 1 shows these parts and, although not all

Read more

CAT-M1 vs NB-IoT – examining the real differences

Posted on: June 21, 2021

As industry players look to provide the next generation of IoT connectivity, two different standards have emerged under release 13 of 3GPP – CAT-M1 and NB-IoT.

Read more

IoT and home automation: What does the future hold?

Posted on: June 10, 2020

Once a dream, home automation using iot is slowly but steadily becoming a part of daily lives around the world. In fact, it is believed that the global market for smart home automation will reach $40 billion by 2020.

Read more

5 challenges still facing the Internet of Things

Posted on: June 3, 2020

The Internet of Things (IoT) has quickly become a huge part of how people live, communicate and do business. All around the world, web-enabled devices are turning our world into a more switched-on place to live.

Read more

What is IoT?

Posted on: July 7, 2019

What is IoT Data as a new oil IoT connectivity What is IoT video So what’s IoT? The phrase ‘Internet of Things’ (IoT) is officially everywhere. It constantly shows up in my Google news feed, the weekend tech supplements are waxing lyrical about it and the volume of marketing emails I receive advertising ‘smart, connected

Read more