GDT Webinar Series – How to Fail at Security? Reserve Your Spot
Contact

How to Mitigate the Risk Third-Party Providers Pose to Security

  • GDT
  • April 21, 2020

 

Fortune 500 technology giant General Electric (GE) recently disclosed that one of their service providers experienced a security incident in which personally identifiable information (PII) of current and former employees and beneficiaries was exposed. This is the latest in a LONG line of third-party breaches going back to at least 2013, yet most companies still do not have adequate third-party controls. What, if anything, can businesses do to help ensure their valued partners are not setting them up for a major security breach?

 

In 2013, a Target breach resulted in a loss of 70 million customers’ data. Though certainly not the first of its kind, it was at that time the largest. Yet it seems that, in the seven years since, corporate America learned nothing from the Target breach. In that time, approximately 163 breaches have occurred, with the number of companies, hospitals, schools, city governments, and other organizations affected totaling well over 200. In some cases, the same third party was responsible for over a dozen breaches, yet is still heavily used by numerous entities.

 

With the advent of the California Consumer Privacy Act (CCPA), as well as other state privacy laws, the need for adequate third-party security evaluations has become more important than ever. Companies must take greater action to ensure their third-party service providers are providing an adequate security environment for the data with which they are entrusted. This includes a greater level of due diligence than just a questionnaire. Third-party providers must also take steps to have an independent assessment and certification of their security processes. The most common of these is the AICPA’s SOC 2 Trusted Criteria assessment, although an ISO 27001 certification or other independent security assessment certification against an accepted security standard will help provide a level of assurance that security controls are in place AND fully operational.

 

GDT’s Advisory Services practice can assist our clients in preparing for these assessments by providing gap analysis assessments, developing a remediation plan to achieve compliance with many of the security frameworks and regulatory requirements such as CCPA, GDPR, ISO, NIST, and others. We can also assist in developing a security roadmap and strategy to ensure continued regulatory compliance, and provide guidance in the selection, implementation, and operation of security products and services to maximize your security program’s effectiveness while optimizing its cost.

Author

Share this article

You might also like:

See All

Are You Ready for Google’s 90-Day TLS Certificate Validity Limit?

Transport layer security (TLS) is one of the most common tools for keeping users safe on the internet. When automated, TLS certification management can help organizations ensure more reliable and consistent use of TLS, reducing the need for human intervention and risk of human error. In fact, over the years,

GDT Security VP on Leveraging AI & Machine Learning in Cybersecurity

As the head of GDT’s security practice and an industry veteran, Jeanne Malone and her team help customers worldwide advance their cybersecurity posture. One of the biggest cybersecurity game-changers is artificial intelligence (AI). We asked Jeanne to weigh in on leveraging AI and machine learning in cybersecurity to improve intrusion

Guard Against the “Elite Eight” Cybersecurity Threats of 2024

NCAA basketball coaching legend Bobby Knight once said: “Good basketball always starts with a good defense.” Winning teams understand their opponents’ strengths and weaknesses, as well as their own. They study their opponents’ plays and anticipate their next moves. The same concept is true for cybersecurity, which is why, at

Stay up-to-date with the industry

Fill out the form and get started!

GDT needs the contact information you provide to us to contact you about our products and services. You may unsubscribe from these communications at any time. For information on how to unsubscribe, as well as our privacy practices and commitment to protecting your privacy, please review our Privacy Policy.

GDT Innovation Campus | 999 Metromedia Place Dallas, TX 75247 | 214.857.6100

Stay up to date

Copyright © 2019-2024 General Datatech, LP. All rights reserved. GDT names and logos are trademarks, or trademarks Reg. U.S. Pat. & TM Office, of General Datatech, LP and/or its affiliates in the U.S. and other countries. Third-party trademarks mentioned or reflected herein are the property of their respective owners. Additionally, the use of the word “partner” does not imply a legal partnership relationship between GDT and any other company.

Connect with us

Copyright © 2019-2024 General Datatech, LP. All rights reserved. GDT names and logos are trademarks, or trademarks Reg. U.S. Pat. & TM Office, of General Datatech, LP and/or its affiliates in the U.S. and other countries. Third-party trademarks mentioned or reflected herein are the property of their respective owners. Additionally, the use of the word “partner” does not imply a legal partnership relationship between GDT and any other company.