< Back to Blog
5 Ways to Improve Your Third Parties’ Cyber Posture
Security Best Practices & Advice

5 Ways to Improve Your Third Parties’ Cyber Posture

By Giora Omer Oct 17, 20183 min read

Your company’s cyber posture may be strong, but that doesn’t mean that you are immune to attackers. As we have seen with recent cyber breaches at British Airways, Ticketmaster and Feedify, hackers typically target companies’ weakest link. Very often that means via a less-secure third party.  

How can companies improve the cyber posture of their third parties? In honor of National Cybersecurity Awareness Month, which focuses this week on cybersecurity risk management, resistance and resilience, here are our top five tips.

 1) Manage Your Third-Party Relationships

Every organization depends on numerous third parties for business operations. In many cases, companies are not even aware of who all of their suppliers are. This is why the first essential step for third-party security is mapping who your third parties are, what their impact is on your business and what relationships exist between the companies. A third party that supplies paper to your organization, for example, is not the same as your IT service provider.

 2) Identify Your Third-Party Attack Surface

Every cyberattack begins with reconnaissance. Companies should be aware of their third parties’ publicly accessible assets. Every asset is a potential attack vector to your third party, and indirectly, to your organization.

 3) What Would a Hacker Do?

One of the best ways to accurately assess vulnerabilities is to simulate a hacker’s point of view. How would a hacker attack your third party? What damage can be done? Simulating this perspective can help reveal possible cyber gaps in your third parties that need to be addressed.

 4) Monitor Continuously

Do not believe for a minute that one thorough review of your suppliers is sufficient. Your third parties must be scanned and assessed regularly, because hackers constantly use new and advanced methods for cyberattacks. In addition, suppliers frequently add assets and software, creating new cyber gaps. This constant change means that you need to have constant monitoring.

 5) Stay Updated

Learn how other organizations are tackling third-party cybersecurity and where you stand compared to them. Make sure you are up to date with industry best practices and that your third parties are not an easy pick for attackers.

Your third parties can pose a serious threat to your organization, but it isn’t possible to manually manage the security resilience of dozens of suppliers in an effective manner, let alone hundreds or thousands. Panorays provides an automated, easy-to-use platform for managing your third-party cyber posture, from internal questionnaires to external assessments. Contact us for more information.

humbnail
Giora Omer

Chief Architect and winner of the annual office basketball competition at Panorays. He has over 20 years experience in software, platform and security engineering (with a short hiatus for a degree in film).

You may also like...
Securing Your Suppliers: Building the Right Password Policy
Oct 14, 2020 Securing Your Suppliers: Building the Right Password Policy Giora Omer
Securing Your Suppliers: Preventing Phishing Attacks
Oct 06, 2020 Securing Your Suppliers: Preventing Phishing Attacks Giora Omer
Third-Party Cyber Risk: 6 Facts Every CISO Should Know
Jul 28, 2020 Third-Party Cyber Risk: 6 Facts Every CISO Should Know Giora Omer
Get our latest posts straight to your inbox Subscribe

We use cookies to ensure you get the best experience on our website. Visit our Privacy Policy for more information.