The Fastest Way to Amplify Your Third-party Risk Management

by Jason Rohlf, VP of Solutions


Businesses need to be diligent, vigilant and, dare we say, ruthless when it comes to the cyber security health of those in their supply chains. Learn how to amplify your current efforts.

Let’s say you’re the kind of risk manager who diligently submits SOC reporting without fail. You complete regularly scheduled risk assessments on the dot. You’re doing everything you know to do. You’re on it.

But what if your methods for monitoring vendor and third-party risk—specifically cyber risk—are falling short? Would you even know?

Here’s the thing: no matter how healthy the rest of your business is, if you suffer a crippling data breach, it can take you down—really down—through a series of even more unfortunate events.

Regulatory fines as a result of control violations. Lawsuits because identities have been stolen. Irrevocable reputational damage. If you can’t keep my information safe, you can’t have my business.


Breaches happen for a number of reasons. Outdated solutions. Disjointed data sets. Relentless, evolving cyber threats. Unavoidable digital dependencies.

Businesses have to be diligent, vigilant and, dare we say, ruthless when it comes to the cyber security health of those in their supply chains, both directly and indirectly.

So what if you could find those blind spots? What if you had more control over cyber risk?

We asked Alex Rich, Sr. Director of Alliances for SecurityScorecard, and Jason Rohlf, VP of Solutions for Onspring, to talk about how to get real cyber risk transparency for critical relationships and how to find breach threats that require attention ASAP.

Catch up on the highlights below or watch the full webinar.

What is SecurityScorecard and how does it work?

SecurityScorecard is the leading provider of cyber risk ratings. They measure the cyber security posture and resilience of an organization with a two-fold approach:

  1. Identify all public-facing digital assets that belong to an organization’s top-level domain to discover its digital footprint.
  2. Monitor & grade the signals coming in against leading cybersecurity frameworks.

And this attribution & collection process is running 24/7.

How are they able to do that? Take a look.


Once SecurityScorecard collects all the signals and cross-matches them to either a domain or IP address, they grade those signals against leading cybersecurity frameworks, particularly NIST.

Much like a credit rating, SecurityScorecard renders a score based on hundreds of vectors across 10 different security categories that take into account more than 95 issue types:

  • DNS Health
  • IP Reputation
  • Web Application Security
  • Network Security
  • Leaked Information
  • Hacker Chatter
  • Endpoint Security
  • Patching Cadence
  • Cubit Score
  • Social Engineering

SecurityScorecard currently scores over 5.1 million companies and is projecting to reach 20 million companies by the end of the year. And if you need a cyber score for a company that’s not in their inventory, they have the ability to score new companies in under five minutes.

And what do those grades mean exactly for you? Risk. Of. Breach. Alex explains.


How does Onspring use SecurityScorecard data for TPRM?

As a business process automation platform, Onspring is built to:

  • Collect information into one, single, organized source
  • Connect key activities
  • Surface actionable, real-time data

Vendor management or third-party risk management is just one of many Onspring use cases. We know that when a business is contingent or dependent on other businesses, risk increases due to shared data or shared network access. For modern, interconnected companies outsourcing distribution, logistics, support or finance, it’s pretty much inevitable.

Vendors become an extension of our attack perimeter, even the healthy vendors.


So what can you do? Well, cyber risk is a constant. Even if you just finished your risk assessment last week, there could already be new threats or emerging data leaks this week. What if your A-grade vendor just hired a D-grade fourth-party partner? How do you continuously monitor for that?

Enter SecurityScorecard. Their statistically validated data is layered into Onspring to visualize, centralize and prioritize previously hidden risks.

Once you employ Onspring’s data connector with your SecurityScorecard subscription, you can do things like:

  • Set a watchlist
  • Send risk alerts
  • Set benchmarks as a decision-making shortcut
  • Track third-party score & grade trending
  • Relate SecurityScorecard data into vendor records

Take a look:


But what about something specific? Like how could you detect if something was awry with your payroll processor?


Now that you’ve seen what a game-changer you have with SecurityScorecard in Onspring, you probably want to see how it can really apply to your specific vendor management needs. Good. We’re happy to show even more features that solve your particular TPRM challenges.
