Third-party risk has long been an acknowledged threat to corporate cybersecurity due to the access that partners, contractors and other trusted third parties have to an organization’s systems and sensitive data. However, an organization’s external security risks extend far beyond its trusted third parties.
The SolarWinds, Kaseya and similar attacks have underscored the security risks of corporate supply chains. While an organization may lack a direct trust relationship with a particular organization, this does not mean that these fourth parties cannot affect the company’s cybersecurity.