Third-Party Risk in the Time of Covid-19

Here is an interesting chart from Gartner:

What are legal and compliance folks worried about in the era of Covid-19? Increased cyber risk.

“Remote working has been hastily adopted by suppliers to keep their business running, so it’s unlikely every organization or employee is following best practices,” said Vidhya Balasubramanian, managing vice president in the Gartner Legal and Compliance practice.

Even if they (compliance managers) think their own organization is following best practices for remote work (which unless they had a strong remote work process before Covid, this is unlikely), they think their vendors might not be so good.

Work with your supply chain team to identify vendors that may have problems meeting their commitments.

Review recent assessments to see if any vendors had challenges during good times.

Mitigate any new risks that you see – this could include contract changes or additional audits.

Consider fourth-party risk – your suppliers’ third parties.

Ask about their new suppliers – as well as your new suppliers.

Here’s the bad news. You don’t have the time or resources to deal with everyone so you have to assess all of your vendors and make an educated assessment about who to review.

And sorry, attackers are not going to give you a free pass just because there is this pandemic going on.

Finally, your suppliers are not trying to get attacked – they are dealing with the same crappy hand that you are. Credit: Help Net Security

by