Third-Party Risk Management Through the Lens of Security Intelligence

November 12, 2019 • The Recorded Future Team

Today, cyber threats come from everywhere, and digital business risk is at an all-time high. Yet security teams tasked with protecting critical information and assets are increasingly forced to do more with less — and to do it faster than ever before. As the first line of defense against cyber threats, they need a way to speed up unknown threat identification, decision-making, and ultimately, risk reduction. To amplify their impact, security teams are beginning to embrace a security intelligence philosophy that applies intelligence across their organizations’ entire security strategy to enable a more proactive, comprehensive approach.

This blog is the second in a three-part series exploring each of the three principles of security intelligence. First, we examined the who, what, why, and how of threat intelligence. Now, we’ll dig into intelligence-driven third-party risk management. Our final blog will explore how intelligence can make your digital brand protection efforts more efficient and effective.

A Chain Is Only as Strong as Its Weakest Link

Today’s businesses are so tightly integrated that even one security gap in your ecosystem of partners, vendors, and other third parties could spell disaster for your organization.

Consider the fact that 59% of organizations have experienced a data breach originating from a third party, and yet, only 29% state that a third party would even notify them of a breach. These are just two of many troubling statistics that underscore a strikingly prevalent third-party risk problem. The bottom line is this: third-party attacks will continue to get worse. They will further complicate cyber risk management, and your partners may be unlikely to help you address the most critical problems.

Making matters worse, many tools designed to help you assess third-party risk rely on static outputs, like financial audits, monthly reports about new vulnerabilities discovered in systems an organization uses, and occasional vendor-provided reports on the status of security control compliance. This information quickly goes out of date and doesn’t provide all the information and context you need to make informed decisions about how to manage risks — not to mention the inherent bias in vendor-provided information.

Real-Time Intelligence Identifies Weak Links Across Your Ecosystem

To accurately evaluate your third-party risk profile, you need immediate access to context on the current threat landscape. In contrast to traditional methods, real-time intelligence enables you to accurately assess risk — both current and historic — posed by each third party, and keep these assessments up-to-date as conditions change and new threats emerge.

Intelligence-driven third-party risk management, as part of a comprehensive security intelligence program, should include the following:

Automation and machine learning to quickly and comprehensively sort massive amounts of data.

To effectively manage risk for your own organization, you need access to massive amounts of threat data from the open web, the dark web, technical and news sources, and discussion forums. The same applies for assessing risks presented by third parties. However, that equates to billions of data points — so much more than your already overloaded security teams could ever analyze. That’s why intelligent machines are crucial for collecting and analyzing third-party risk data, then generating an objective, data-driven risk score for each third-party entity to help you prioritize and address critical threats.

Real-time alerts and changes to risks.

Imagine one of your third-party providers suffers a massive breach that puts all of your sensitive customer data at risk. If you only receive monthly risk scores on that provider, it will be too late by the time you get an updated assessment. Risk scoring is exponentially more effective when it updates in real time and draws on a large pool of data, so you can make informed security decisions immediately.

Transparency into your third-party partners’ threat environments.

If you rely on vague risk scoring methods or opaque sourcing, results can be hard to accept — even if they’re accurate. Too often, organizations (or the third parties in question) fail to act on intelligence because leaders don’t understand it or know the source. In contrast, effective threat intelligence should be fully transparent, showing the risk rules that are triggered by a particular alert as well as the sources. This context allows for faster due diligence and reference checking — and it is particularly useful when evaluating new potential vendors.
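The three requirements above (a data-driven score per third party, alerts when that score changes, and transparency into which rules fired and from which sources) can be sketched in a few lines. This is an added illustration, not Recorded Future's scoring model; the rule names, weights, evidence types and sources are all constructed for the example.

```python
from typing import Callable, Dict, List, Optional
from dataclasses import dataclass

# A risk rule: a name, a weight, and a predicate over one piece of evidence.
@dataclass(frozen=True)
class RiskRule:
    name: str
    weight: int
    matches: Callable[[dict], bool]

# Constructed rules approximating the kinds of triggers the post describes.
RULES: List[RiskRule] = [
    RiskRule("breach-reported", 40, lambda e: e["type"] == "breach_report"),
    RiskRule("credentials-leaked", 30, lambda e: e["type"] == "credential_dump"),
    RiskRule("critical-vuln-exposed", 20,
             lambda e: e["type"] == "vuln" and e.get("cvss", 0) >= 9.0),
]

def score_vendor(evidence: List[dict]) -> dict:
    """Return an explainable score: the total (capped at 99), the rules that
    fired, and the source behind each trigger, so a reviewer can check why
    the score moved instead of having to trust an opaque number."""
    triggered: Dict[str, dict] = {}
    for item in evidence:
        for rule in RULES:
            if rule.matches(item):
                entry = triggered.setdefault(rule.name, {"weight": rule.weight, "sources": []})
                entry["sources"].append(item["source"])
    total = min(99, sum(t["weight"] for t in triggered.values()))
    return {"score": total, "triggered": triggered}

def alert_on_change(vendor: str, previous: dict, current: dict, threshold: int = 25) -> Optional[dict]:
    """Alert only when the score rose by at least `threshold` points, and name
    the newly triggered rules and their sources (the transparency the post asks for)."""
    delta = current["score"] - previous["score"]
    if delta < threshold:
        return None
    new_rules = {k: v for k, v in current["triggered"].items() if k not in previous["triggered"]}
    return {"vendor": vendor, "from": previous["score"], "to": current["score"], "new_rules": new_rules}

# Constructed evidence snapshots for a hypothetical vendor; not real data.
MONDAY = [{"type": "vuln", "cvss": 7.5, "source": "vuln-feed:constructed"}]
TUESDAY = MONDAY + [
    {"type": "breach_report", "source": "news:constructed-outlet"},
    {"type": "credential_dump", "source": "paste-site:constructed"},
]

if __name__ == "__main__":
    before, after = score_vendor(MONDAY), score_vendor(TUESDAY)
    print(alert_on_change("hypothetical-hosting-vendor", before, after))
```

Re-scoring on every new piece of evidence, rather than on a monthly cycle, is what turns the Tuesday snapshot into an alert the same day instead of weeks later.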

What Now?

So, now that you understand the importance of real-time threat intelligence for evaluating third-party risk, what do you do when a high risk score surfaces? Do you have to terminate the business relationship immediately? Not necessarily. Remember: cyberattacks are no longer a matter of if, but when. A change in risk score can present an opportunity to start a conversation with your business partner about how they approach security, while taking a deeper look at how the incident impacts your organization.

Applying intelligence across your organization helps everyone in cybersecurity functions — from third-party risk management to SOC teams — better anticipate threats, respond to attacks faster, and make better decisions on how to reduce risk.

This is security intelligence — a philosophy that amplifies the effectiveness of security teams and tools by exposing unknown threats, informing better decisions, and driving a common understanding to ultimately accelerate risk reduction across the organization.

Interested in learning more? Download the second edition of our popular book, “The Threat Intelligence Handbook: Moving Toward a Security Intelligence Program.”