Mitigating Third-Party Cybersecurity Risk

Aug 4, 2021 | Cybersecurity & Risk Management, Technology

Risk can’t be avoided in today’s business world – but it can be mitigated.

Most businesses rely on a range of third-party services and applications. The good news is that these services can help an organization work better, faster, and more economically. The bad news is that they can open up a whole new world of risk.

The majority of organizations don’t pay much attention to the cybersecurity vulnerabilities in their supply chain, thinking problems with a supplier won’t really impact their results or reputation. Unfortunately, recent incidents, even with the ‘big league’ cloud service providers, show us we need to check on third-party supplier security for ourselves. Organizations will suffer severe consequences if a third-party breach means their own customer information or proprietary data is leaked. Your customer often won’t care that one of your suppliers is at fault; the blame will land squarely on your shoulders.

In fact, a current report suggests: “…security incidents became more costly and harder to contain due to drastic operational shifts during the pandemic, with costs rising 10% compared to the prior year.”

There are things, however, that your business can do to mitigate the risk (and expense) of a third-party security issue.


Vulnerabilities Facing Businesses


The technology chain that connects services is absolutely entrenched in how businesses operate today. Most businesses rely on a variety of these services, everything from cloud computing to ERP software to payment processing, and dozens more. Each of these inevitably introduces certain vulnerabilities into the equation that business leaders need to manage, such as:

  • Lack of cybersecurity awareness: Whether you realize it or not, your employees can be a huge risk factor. Without the proper training required to identify and understand social engineering attacks like phishing, they may inadvertently open the door to malicious activity.
  • Inconsistent processes: In any organization, what is true for one department should be true for the rest. Failing to ensure everyone is on the same page with regard to security measures can invite security risk to your operation. Accountability for cybersecurity processes within an organization is a must!
  • Outdated firewalls and software: A firewall that is out of date but is still being used every day poses a risk to a business and to any organization that works with it. The same holds true with software.
  • Lack of physical security: If a company is holding proprietary data or financial information, it makes sense that its office is tightly secured against potential intruders or break-ins.

The ‘bad guys’ are clever and relentless, and they can exploit any opportunity to steal data, extort money, perform corporate espionage, or engage in other types of unlawful behaviour.

The types of risks your organization may face are varied, but the results are usually the same: having your security compromised can lead to the loss of a hard-earned reputation, legal issues, and fines, among others.

It can be devastating.


Protecting Your Organization


There are measures your business or organization can take to avoid hurting your reputation due to the action (or inaction) of a third party. Performing a vulnerability assessment – or better yet, hiring a firm like Mariner to conduct a penetration test – is a great place to start.

After all, you are tying your business to theirs.



Asking the Right Questions


If you’re performing a risk assessment before you decide to work with a third party, asking the right questions can help you determine whether you can trust them:

  • What are their weak links when it comes to security?
  • Do they regularly offer cybersecurity training to their staff? Do they need to?
  • Are their security standards consistently enforced across all departments?
  • Do their security standards align with your own?
  • If the third party’s security was compromised, either physically or electronically, do they have a plan in place to deal with the breach?

These questions may also prompt you to think about your own organization’s cybersecurity measures and take the opportunity to mitigate future risks.


Mariner Can Help


Mariner is often approached to assess the level of risk our clients are facing and give them the tools needed to mitigate those risks. We conduct vulnerability assessments and penetration testing tailored to each client’s needs. We also offer live-streaming sessions on YouTube, where business leaders can learn security best practices. Our team brings a tremendous amount of hard-earned experience to this battle. They have worked across industries and are at the leading edge of cybersecurity.

Protecting your organization from ‘bad actors’ is mission-critical. The stakes are high, and failure can crush the prospects of even the most successful company. Smart business leaders understand that failing to prepare for a cybersecurity intrusion is preparing to fail – it will be attempted; the only question to answer is this: will you be ready?


Rob Lavin
Practice Lead, Cybersecurity and Risk Management