Supply Chain & 3rd party Risk Management
We’ll streamline 3rd party agreements and monitor their cyber fitness
83% of organisations have suffered a breach through a third party (Deloitte). Companies work with an average of 583 vendors (Ponemon). Your network perimeter extends to the Cloud and to your third parties. Weaknesses in their IT process and infrastructure can impact you.
What can you do about it?
- Streamline questionnaires
- Assess the third parties’ IT infrastructure
- Correlate the questionnaire with the assessments
- Perform 24/7 monitoring of the third parties’ attack surface
- Reduce breaches due to third parties
- Improve your cybersecurity posture across the board
Our service combines automated, dynamic security questionnaires with external attack surface assessments and business context to provide organisations with a rapid, accurate view of supplier cyber risk.
- Scope the risk controls according to the vendor
- Save procurement and legal time when reviewing questionnaires, on average saving 7 hours per questionnaire
- Onboard third parties much faster
- Always ensure they meet your compliance standards
Check the human element? Insider threat accounts for 60% of data breaches but represents a blind spot and cyber gap for companies. Check the likelihood of the vendor’s employees being targeted for an attack based on factors such as social media presence, employee security awareness and whether they have a dedicated security team.
360 degree assessment
Assess your third party’s digital perimeter, customise security questionnaires and determine the inherent risk of partnering with that company. Assess their Web, e-mail & DNS servers, TLS protocols, asset reputation, cloud solutions and other exposed services.
Insight into the third party’s employees’ attack surface, social posture, presence of a dedicated security team, etc.
Onboard suppliers faster
Reduce time to onboard suppliers and save your legal, procurement and security teams’ valuable time.
Always know that your supplier is meeting your compliance standards and be alerted when they are not. Monitor their Web applications, CMS, domain attacks, etc.