Fighting Third-Party Risk With Threat Intelligence

The network of global supply chains means organizations are more interconnected than ever, which increases the potential for a data breach or other security incidents involving third-party suppliers and partners. Third-party vendors, especially those digitally connected to an organization, significantly increase their attack surface and open exposure to software supply chain risks, vulnerabilities, and malicious or negligent insiders.

According to Cyentia Institute, 98% of organizations have at least one third party that suffered a cybersecurity breach within the previous two years.

Organizations have increased their investments in third-party risk management (TPRM) programs to mitigate these risks. In its "2023 Global Third-Party Risk Management Survey," EY found that 90% of respondents were investing to improve their programs' effectiveness. In a recent Dark Reading report, "Managing Third-Party Risk Through Situational Awareness," experts outline how organizations can use threat intelligence to effectively manage third-party risk.

"Third-party risk management is such a big challenge for CISOs," says Rick Holland, VP CISO at security services provider ReliaQuest.

Experts say that the top drivers for TPRM investments are regulatory demands, increased remote work, and data privacy. Much of that investment is being used for threat intelligence programs. By harnessing threat intelligence from various sources, organizations can comprehensively understand the threat landscape and make informed decisions to manage third-party risks effectively.

Threat intelligence is found in many sources, such as open source intelligence, commercial threat intelligence providers, industry-specific information sharing and analysis centers, and internal security data. As applied to third parties, threat intelligence analysts incrementally add intelligence that could indicate that their third parties are either at risk of attack, under attack, or have recently been attacked. Such indicators include comments on Web forums and marketplaces, leaked data, credentials spilled on the Internet, and more.

Download the report to learn how to get started with threat intelligence. Organizations can better comprehend their threat landscape through such threat intelligence and make better-informed decisions to manage their risks. Learn how to collect and use threat intelligence to help reduce many risks associated with third parties.