← Back to portfolio

Cybersecurity Awareness Month | Value Proposition | Virgil Security

This year marks the 15th annual cybersecurity awareness month. But what does this mean for your business? With security breaches at an all-time high, 63 percent of which can be directly or indirectly tied to third-party vendors, according to Soha Systems, this month-long initiative is the perfect opportunity for you to take a closer look at your own cybersecurity infrastructure. Implementing a few proactive security measures can go a long way towards reducing or even preventing the next attack.

Know Your Vendors

Depending on your company's operations, there could be dozens or even hundreds of third-party vendors accessing your system at any given time. In fact, one study by Bomgar found that only 35 percent of security professionals are confident that they know the precise number of vendors accessing their systems. Missing this critical piece of information can leave your company open to hackers waiting to exploit third-party security backdoors. The first line of defense against this type of attack is to obtain a full registry of all your third-party vendors, complete with key security personnel contact information.

Conduct Risk Assessment

According to a report by CSO Online, companies spent an average of $10 million responding to third-party related security breaches in 2016 alone. Large enterprises may have the resources to weather such a costly storm, but SMBs are unlikely to find the practice sustainable in the face of multiple breaches. More importantly, performing a comprehensive risk assessment of each vendor can often prevent such penalties, right from the start. You should know what information and system each vendor has access to, as well as, vendor login data and behavioral patterns. However, this data alone won't give you the complete picture. You also need an account of third-party security protocols, relevant penetration testings procedures and details about how often each is reviewed and or updated.

Create A Management Strategy

Despite the ever-increasing frequency and sophistication of cyber attacks, a PwC report found that only 52 percent of businesses have security standards in place for third-party vendors. This kind of oversight can prove costly, both financially and with respect to a company's reputation, as many well-known brands have seen after large-scale data breaches. While vendor management strategies vary from one company to the next, based on factors like size and budget, the important takeaway is that every business needs to have a third-party security strategy in place. The more engaged C-levels are in the oversight and implementation of such policies, the more likely they are to be successful. Employee education, ongoing security audits, and need-based identity management controls for vendors are just a few smart ways to create a strong foundation for third-party security management.

Cybersecurity Awareness Month is a valuable reminder that while no business is 100 percent immune to a third-party breach, every company can significantly reduce its vulnerability to one by consistently reviewing its own security policies and procedures. Remember, effective cybersecurity is a year-round commitment.