Managing Third Party InfoSec Risk
Information security is the risk topic of the year. Following the many cyber-breaches reported in 2016, most companies are focusing on securing their own networks and data. But preventing the theft of sensitive information from third-party systems and personnel adds a new layer of complexity that must be addressed.
Despite incredible advances in technology and enhanced regulatory interest, the number of cyber-attacks involving access through third parties has grown dramatically. This isn’t surprising given that more than 80 percent of companies outsource some aspects of their business operations to third parties. The tasks third parties perform are becoming more customer-facing, including sales, distribution, and support services. As a result, third parties can have a more direct impact on a company’s reputation.
Managing the process of verifying, remediating where necessary, and monitoring the effectiveness of third-party controls demands the use of sophisticated and mission-designed technology. In this Illustration, OCEG and the illustration sponsors, Hiperos, LogicManager and Grant Thornton, define the key steps of the process and identify what the future holds for third-party information security management.