Saket Modi is the co-founder and CEO of Safe Security, a cybersecurity and digital business risk quantification platform company.
Today’s cybersecurity landscape requires an agile and data-driven risk management strategy to deal with the ever-expanding third-party attack surface.
When a business outsources services by sharing data and network access, it inherits the cyber risk from its vendors across their people, processes, technolog, and that vendor’s third parties. The typical enterprise works with an average of nearly 5,900 third parties, which means companies face a huge amount of risk, regardless of how well they cover their own bases.
For instance, 81 individual third-party incidents led to more than 200 publicly disclosed breaches and thousands of ripple-effect breaches throughout 2021, according to a report by Black Kite.
The current outside-in approach to managing third-party risk is inadequate. Instead, the industry needs to move toward a new third-party risk management approach by initiating conversations beyond outside-in assessments. Specifically, businesses should establish zero-trust principles for all vendors, assess risk across external and internal assets with inside-out assessm …