Article by Sean O’Brien, director at DVV Solutions
5 keys to managing Fourth Party cybersecurity risk
If GDPR hasn’t raised the stakes and drawn attention to the risks in the data supply chain, then maybe nothing will.
The mix of media attention, ICO and GDPR guidelines, and the messaging produced by GRC solution providers over recent months and years should have done a pretty good job of raising awareness of the issues surrounding Third Party cyber risk (where there is a direct, contractual link with your outsourced data processors). And that’s without mentioning the ever-increasing examples of lax security controls at many of the largest and most commonly used IT firms, which can leave the back door open to an organisation’s network. See Cisco’s hardcoded data centre admin password flaw and Twitter’s potential user password exposure as prime examples.
But what if we look beyond the direct relationships your organisation has on a day-to-day basis? Think for a moment about the ecosystems and downstream supply chains that your IT service providers and data processors (and possibly, unwittingly, YOU) rely on to help deliver their services. These could be Fourth, Fifth or even Sixth-Party suppliers – but for simplicity let’s refer to them as Fourth-Parties.
How securely and safely do they manage and support your commercial operations and process sensitive Personally Identifiable Information (PII)?
This article was originally published by DVV Solutions