Data breaches grow more expensive with each passing year. The IBM/Ponemon Cost of a Data Breach Report 2021 indicates that the average total cost of a breach has risen to $4.24 million — an increase of nearly 10% over 2020 — but individual breaches can cost far more. Third-party breaches have proven particularly costly, with the massive SolarWinds breach incurring a price tag of approximately $18 million. And while estimates vary on the dollar cost, camera maker Verkada suffered significant reputational damage when 150,000 of its camera feeds were compromised. These incidents have put the need for greater third-party security in the spotlight.
One of the dangers of working with vendors, suppliers and partners is that they often require access to your network, and that access creates risk. Organizations can control their own cybersecurity stance, but they cannot control the way their vendors approach VPN security, password management, legacy system retirement and other practices. That doesn’t mean there aren’t ways for organizations to gauge the level of third-party risk and try to influence their vendors’ cyber hygiene. With that in mind, are third parties worth the risk — and if so, how can security professionals tell? A few common factors lead to most third-party breaches, and this piece explores the most pressing threats associated with third-party vendors.