Are Your Clients Inheriting Cyber Risk From Their Vendors?

Your clients may not be aware of the potential security risks that their vendors pose.

  • September 15, 2023 | Author: Allison Bergamo

As your clients’ trusted security advisor, it’s crucial to understand the cyber risks that they face in their daily operations, especially when working with third-party vendors. 

Chances are you’ve already deployed Zero Trust Network Access (ZTNA) solutions for your clients that provide their employees and devices with secure access to applications on-premises and outside their network.

While your clients have embraced the zero trust principle of “never trust, always verify” to safeguard their own environments, they may not consider the potential security risks that their vendors pose. Keep in mind that attackers often target vendors with weaker security protocols to gain unauthorized access to your clients’ systems and data.

When your clients outsource services to outside vendors, they often share data and access to their networks. They may not realize that this practice opens them up to cyber risk from their vendors’ people, processes, technology and their own third parties. 

According to research from the Ponemon Institute and reported by TechCrunch, 51 percent of companies surveyed said that they didn’t assess the cyber risk posture of third parties before allowing them access to confidential information. Even more troubling is that 63 percent of respondents said that they didn’t know what data and system configurations their vendors can access. They also lacked critical knowledge about why vendors have access to their data and systems, who specifically had permissions and how their data is stored and shared.[2]

These companies are taking the concept of a “trusted partner” a little too far. If this sounds like any of your clients, you need to take the following actions:

  • Conduct regular security assessments and audits of your clients’ vendors. Verify that they have proper security controls in place, such as encryption and multifactor authentication. 
  • Review your clients’ Service Level Agreements (SLAs) with their vendors. Ensure these SLAs clearly outline the vendors’ security responsibilities and the actions they will take to ensure data protection. 
  • Implement continuous monitoring of your vendors’ security postures. Keep an eye out for any changes or anomalies that could indicate a security issue. 
  • Establish zero trust principles for all vendors. Inform them that under zero trust architecture (ZTA) models, each access request is analyzed and validated, regardless of where the request comes from (including vendors who have enjoyed long-term relationships with your clients).

Helping your clients address potential third-party cyber risks is essential. Educate them on the value of comprehensive vendor vetting, continuous monitoring and implementing Zero Trust Network Access solutions to create a more secure ecosystem for their business operations. 

Discover how Fortinet’s Zero Trust Network Access Solutions allow organizations to identify, authenticate and monitor users and devices on and off the network.

Sources:

1, 2 – TechCrunch – To better manage cybersecurity risks, extend zero-trust principles to third parties – Saket Modi, June 3, 2022

 
