Cybersecurity and Third-Party Risk

Move beyond the checklist and fully protect yourself from third-party cybersecurity risk 

Over the last nearly ten years there have been hundreds of big-name organizations in every sector subjected to a public breach due to a vendor. The recognizable breaches started with Target in 2013 and escalating to Equifax in 2017. Then came 2020, a near 800% increase in cyberattack activity, millions more workers now working remotely, and the number of incidents with third-party breaches and incidents skyrocketed as well. In December 2020, the tipping point came with the news of the SolarWinds supply-chain attack. A sophisticated hacker using a technique known as an Advanced Persistent Threat (APT), leveraged this widely used software to hack and steal information over a period of several months from Microsoft to the Department of Homeland Security. The damage from this one attack alone will continue for years, and there will be more like it or worse. This method provides a roadmap for other hackers to follow. The weak sports aren’t found in the great defense-in-depth of the intended targets, but by attacking a trusted partner or vendor and they work because third party risk management and cybersecurity have not been brought together sufficiently with an aim to decrease the risk more aggressively. 

In Cybersecurity and Third-Party Risk, cybersecurity and IT expert Gregory Rasner delivers proven, active, and predictive risk reduction strategies and tactics designed to keep you and your organization safe. In this book, the author shows you how to transform third-party risk from an exercise in checklist completion to a proactive and effective process of risk mitigation. 

You’ll learn how to conduct due diligence on third parties connected to your own network and how to keep your information current and reliable. You’ll also discover what language to look for in a third-party data contract in various use cases, like offshoring, fourth-party hosting, and data security arrangements. The book also includes: 

A comprehensive review of the basics of third-party risk management and necessary due diligence Expansive case studies on devastating breaches suffered by companies like Home Depot, GM, and Equifax Why you need to move beyond the checklist and start having productive conversations with your data partners to secure your systems Perfect for professionals and executives responsible for cybersecurity and risk in their organizations, Cybersecurity and Third-Party Risk is a must-read resource for business leaders seeking a practical roadmap to avoiding the massive reputational and financial losses that accompany third-party caused data breaches.