According to technology research giant Gartner, 83% of enterprises utilizing third-party services discover cyber risk after conducting due diligence.
Third parties constitute a significant risk for enterprises of all sizes, even as they present opportunities for scaling workflows and services. In fact, Gartner learned in its survey that, of the risks discovered through due diligence, 31% presented potential material impact.
Yet the old method of point-in-time risk management just can’t keep up with the pace of modern business relationships. Point-in-time risk management seeks to identify potential risks before the commencement of a business relationship or recertification.
However, risks could arise as a result of an ongoing or changing relationship. Additionally, point-in-time risk management can add onboarding and waiting time, and therefore punishing process delays.
How to Do Your Due Diligence For Third-Party Partners
Among its findings, Gartner found third parties now have access to more enterprise data than ever. Moreover, it discovered enterprises’ third-party networks vary in maturity. In short, the risks associated with third-party partners only look poised to increase rather than decrease. Your enterprise needs to keep up.
Hence the importance of performing your enterprise’s due diligence in its risk management. This means continual assessment and reassessment even before recertification evaluations. Unfortunately, your enterprise may struggle to identify most material risks without active engagement with your third parties.
One way to do your diligence: SIEM. Through machine learning and automation, SIEM can help your enterprise identify potential vulnerabilities in your IT environment. This includes third parties and the databases with which they regularly connect. You can closely monitor the most sensitive databases with close log management and security event correlation.
Further, you can deploy UEBA capabilities through SIEM, which watch for insider third-party threats. Any abnormal behaviors could indicate a cyber risk and thus a potential data breach or ongoing attack. In fact, it could shorten your investigation times and reduce mitigation and remediation time.
SIEM allows you to do due diligence in your risk management. Best take that opportunity now.
You can read Gartner’s report on its risk management research and survey here.