Why waste time, money, and resources investing in a system that is easily disturbed? In a recent article for NetworkWorld, Jon Oltsik analyzes the trend that needs to continually grow: running IT vendor risk management assessments.
Scrutinize the Details
IT vendors are still unfortunately focused on functionality rather than the vital component of security. Due to this lack of security, hardware vendors unintentionally design programs that contain potentially malicious elements. Third-party vendors also have the opportunity to turn these programs into malevolent structures capable of detrimental cyber crimes. All of these “what ifs” have led to a push for risk management specifically focused on vendors.
Vendor risk management has been an entity implemented in the past, but the focus was on the business’s financial stability and the important legalities, whereas now the focus is on cybersecurity. When it comes to software vendors, 47 percent of organizations look to their security features and 52 percent are actively auditing their cloud service providers’ security capabilities. Although these statistics are not entirely impressive, they do indicate a movement towards acknowledging the need for cybersecurity.
The silver lining is that organizations are more actively evaluating their IT vendors’ security today than ever. In 2010, a mere 30 % of organizations conducted security audits on their vendors; today that has jumped to 53 percent. There are still problems, however, that do need acknowledgment. Nearly half of organizations do not conduct these crucial audits and they are especially nonchalant when it comes to security of third-party distributors. The audits are also not being designed to look into the future.
The bottom line is that this system is broken and there needs to be a movement towards revision. Security should be addressed as a priority rather than an afterthought. You can read the original article here: http://www.networkworld.com/article/3002069/security/it-vendor-risk-management-improving-but-still-inadequate.html