Third-Party Active Risk Monitoring in 2016 | Are We Barking Up the Wrong Tree?
We build houses with gutters because, well, we’re pretty confident it’s going to rain at some point. Cars come with bumpers, airbags, reinforced steel frames, and a host of other safety features because, again, there’s a pretty good chance that any vehicle will have some sort of accident during its useful life. It’s common sense. When we’re highly confident something will happen, we don’t try in vain to prevent it, but rather prepare for the inevitable.
The rapidly-developing Third-Party Risk community is coming to terms with the changing nature of cyber threats, and the principle introduced in the opening paragraph of this paper. Today’s threat monitoring tools rely exclusively on an outside-looking-in view of the monitored, third-party organization, collecting data on externally-facing devices, and drawing conclusions from that scanning exercise that – the third-party risk community is beginning to appreciate – have limited impact on a monitored organization’s ability to address modern cyber threats.
This paper will discuss the approach used by today’s tools, examine why the current methodology is outdated, and ultimately why the resulting risk analysis and scoring is increasingly meaningless.
Request this White Paper
Fill out the form below to request this resource. Once approved by our staff, your download will be sent to the email address you provide.