Our guest today is Jake Olcott, Vice President, Communications and Government Affairs at BitSight. His focus is on vendor risk management.
Everyone who has bought a car or house knows what a credit rating is. A lender takes a look at your history and determines whether or not you are a good risk. BitSight applies that concept to your third-party vendors; the real use case for federal information technology professionals is to look at the relationship they have with third-party vendors.

"When it comes to cybersecurity . . . the federal government's weakest links are contractors and subcontractors." Jake Olcott, BitSight
According to BitSight, 70% of data breaches have been caused by third parties. The federal government, most notably the Federal Housing Finance Agency, has indicated an interest in oversight of third-party provider relationships.
First of all, if you are considering vendor A, B, or C, part of your due diligence may be to look at the history of the company to see how many breaches it has had. Second, let's say you have third-party relationships with 10 companies. They may pass muster at the inception of the contract – but how have developments since then affected each company's vulnerability? It seems like continuous monitoring should be applied to vendors as well — this is called Vendor Risk Management.
What can happen? The third party can go bankrupt. It can have a data breach. It could be acquired. The federal government is replete with smaller tech companies that have merged with or been bought out by others.