New Year’s Resolution: Manage Your Third-Party Security Better!
If you are worried about managing your third parties, you are not alone. Gartner reports that nearly 70% of chief audit executives reported third-party risk as one of their top concerns, but many still struggle to manage this risk.
The reason? Because it’s a tough job.
Organizations rely on third parties, who receive access to businesses’ digitized systems and processes. These systems often contain confidential and sensitive information, and organizations must make sure that each third party maintains a high level of security to safely access these systems. Vetting these third parties and continuing to effectively monitor them for cyber gaps can be time-consuming and expensive.
So here’s a great New Year’s resolution for every business: Make 2019 the year that you take control of your third parties’ cybersecurity posture. Here are three good reasons why:
1. There are more third-party data breaches than ever before, and hackers are more sophisticated than ever before.
More than 75% of respondents in a recent Ponemon Institute report said that third-party data breaches are on the rise, but we probably could have guessed that simply from the frequency of data breaches reported in the news. The victims have included major companies such as Ticketmaster, Newegg, British Airways, and others.
Meanwhile, the complexity of the breaches indicates that hackers are becoming even more creative about how they steal personal data. In fact, 22% of CISOs polled admitted that they weren’t sure if they’d had a third-party data breach in the past 12 months. Chances are that your business might have already suffered a third-party breach—or will soon.
2. The number of third parties that organizations are hiring continues to rise.
According to the Ponemon report, the average number of third parties employed by organizations has increased from 378 in 2016, to 471 in 2017, to 588 in 2018. Which means that managing third parties will only continue to get more complicated.
3. There are more data privacy regulations and more penalties.
Move over, GDPR: There are more data privacy regulations on the way, and these hail from the United States.
Beginning January 1, 2020, the California Consumer Privacy Act will go into effect, granting California citizens certain data privacy rights. These include:
- the right to know what personal information is being collected about them
- the right to delete data they have posted
- the right to know the categories of third parties with whom data is shared
- the right to access their personal information
Penalties for not complying with CCPA—while not as high as GDPR—are still significant: $2,500 per violations for negligent violations and up to $7,500 per violation for intentional violations.
Data regulations are being passed in other states as well. Vermont recently became the first in the nation to regulate the companies that buy and sell personal information. In Colorado, a new law focuses on how companies handles personal identifying information. And New Jersey and Washington have also passed laws on retail data and biometric data, respectively.
All told, the stakes are even higher for businesses to better manage personal data, as well as the third parties who can access it.
How Can You Manage Your Third Parties?
Automated third-party security management is the way to go. Using a solution such as Panorays, companies can rapidly evaluate and continuously monitor third-party security posture while ensuring compliance to regulations like GDPR and CCPA.
Interested in learning more? Contact us for more information.