Here’s a scary thought: according to a recent survey, only a third of companies know how many vendor access their systems. More than half, meanwhile, haven’t reviewed their third-party access policies in the past two years, while just over a half say they enforce polices related to third-party access.
At a time when multi-provider sourcing arrangements are increasingly becoming the norm, lack of visibility into the service delivery ecosystem is a risky proposition. The risks are especially high for industries such as banking and pharmaceuticals, where strict regulatory compliance standards make effective third-party oversight a must-have.
Enterprises struggling to gain a clear view of the service provider landscape face the compounding challenge of confronting a rapidly evolving risk environment. Constantly emerging new threats seek to expose points of vulnerability – and what better point of vulnerability than a third-party service provide with access to critical data and systems?
The fact that a sizable portion of enterprises don’t even know how many providers they have, and/or fail to enforce existing access policies, suggests that cybersecurity governance needs to move up the list of C-level priorities..
About the author
