High-Level Strategies for Third-Party Risk Mitigation

Date:

Share post:

There are so many technologies and strategies and buzz words around cybersecurity these days that it can be difficult to know where to start.

It’s hard enough thinking about the myriad threats that can find their way into your organization without even broaching the subject of third-parties and trusted connections. However, there are a few fundamental, high-level strategies to consider applying in your third-party risk mitigation plan. They can be used individually or in tandem to create a strong cybersecurity framework for your organization.

• Defense in Depth
The primary principle of defense in depth is to build layers of security into your organization’s digital architecture, so that if one layer fails, there will be others to back it up and maintain security. It is essentially a “fail-safe” strategy that assumes threats will most likely eventually find a way through one or two layers of defense (a safe assumption in most cases). There are no limits to the types of security involved, just those that best fit your organization. Role-based access controls, authentication, data encryption/tokenization, firewalls, data diodes, SIEM, and other technologies can all be used together to create a sophisticated, hardened defense.

• Risk-Based Security
Assuming that threats will eventually breach your network’s defenses (you may be sensing a theme), a riskbased strategy applies more security resources to your most sensitive assets while less resources are applied to the lower risk assets. Risk-based strategies also typically assume that there is not a way to eliminate risk – there will be a need for multiple sophisticated connections to external networks, for a large number of users to access or collaborate on (sometimes sensitive) data, legacy or outdated equipment in use, or other complex issues that complicate traditional security methods. Over time, larger and higher performing companies have evolved the idea of a risk-based strategy into a more comprehensive method of protecting their organizations known as “zero trust.” 

• Zero Trust
A zero-trust strategy assumes that a threat can come from anywhere inside or outside your organization, and therefore a continual assessment of every request or attempt to connect or access networks, devices, or information is required. This can be highly resource intensive, and typically requires sophisticated authentication schemes as well as some sort of SIEM automation in the form of cloud data collection, systems monitoring, etc. User and systems data are monitored continually to develop a baseline of what is considered “normal” activity, which then allows for alerts if any abnormal activity occurs. Reducing the number of your external connections, applying the least privilege principle, and having dedicated resources to monitor and calibrate the results are all key to making this strategy effective, and while it is theoretically a great strategy for complex, highly-connected organizations,
in practice it is very difficult to fully achieve today.

High-Level Strategies for Third-Party Risk Mitigation

Phil WonProduct Manager – A product and technology leader, with years of experience in product development enabling the merge of business and technology needs of diverse industries (connected consumer devices, IIOT, automotive, cyber security and telecom). He brings strategic and technical proficiency in new product planning, development, and deployment initiatives. Phil is on the Product Management team at Owl Cyber Defense. His main product line is OPDS, focusing on growing existing products and innovating future solutions.

Phil can be reached at pwon@owlcyberdefense.com or our company website is: www.owlcyberdefense.com | twitter handle: @owlcyberdefense.com

LEAVE A REPLY

Please enter your comment!
Please enter your name here

NEWSLETTER SIGNUP

Please enable JavaScript in your browser to complete this form.

Related articles

Are Private Jets Destroying the Climate? Experts Call for Crackdown on Ultra-Wealthy’s Travel

The rising trend of private jet use among the ultra-wealthy highlights the need for targeted policies to curb...

The Devastating Impact of Climate Change: A Closer Look at Intensifying Weather Events

The latest IPCC findings warn that without a peak in emissions by 2025 and a transition to net-zero...

Vodafone – Three Merger Set for CMA Green Light: What It Means for UK Telecoms

If approved, the merger would mark a turning point in the UK's mobile network development, with both opportunities...

Nissan to Slash 9,000 Jobs Globally Amidst Sales Decline and Market Shifts

This move aims to signal accountability and align with the company's renewed focus on financial sustainability Nissan Motor Co.,...