Because Small Vendors Pose a BIG RISK

Gaining confidence in your third-party risk management program includes the ability to scale easily and include your full vendor ecosystem – not just a handful of vendors perceived as the most critical.

Small and medium-sized vendors (500 or fewer employees) represent over 99% of all U.S. businesses (SBA), and odds are that your organization has a large percentage of SMB vendors. Any one of them could be the weak link in your company’s security infrastructure.

Managing third-party risk does not come in a one-size-fits-all package.

An assessment approach that works for your global payroll vendor, with more than 50,000 employees, will not work when it comes to assessing your 25-person law firm.

Both types of companies may have access to your networks or critical data, but their levels of sophistication – when it comes to cyber security – can be significantly different. SMB vendors typically lack:

  • the manpower, expertise and budgets for maintaining a high level of security
  • the ability to respond to assessment questionnaires designed for much larger,
    more sophisticated and well-resourced companies
  • an online presence that provides enough information to provide an initial view
    of their cyber risk through external scans

SMB vendor risk assessments need objective, programmatic validation.

The best way to ensure your vendors meet a true baseline level of security is to gather validated data from internal security controls. DatumSec programmatically collects internal security controls data developed from best practices such as CIS and SANS 20.

These controls, which are responsible for preventing 80% of attacks [1], provide CISOs and Risk Managers with objective, validated information regarding the actual security postures of their SMB vendors.

By observing security controls in user audits, patch management, firewall, antivirus, cloud usage and more, DatumSec provides you with the advantage of assessing all your important third parties, not just your biggest ones.

Attacks on Small Businesses are Rising

SMB vendors are being targeted because they typically have a lower security posture, and not necessarily because of the value of their own digital assets. They’re being targeted because they’re the easiest vector into their enterprise partners.

And it’s working. According to a June 2016 research report from Ponemon Institute, LLC, 2016 State of Cybersecurity in Small and Medium-Sized Businesses, 50% of SMB companies reported a data breach in the past 12 months.

According to Symantec’s Internet Security Threat Report, 2016, SMBs are increasingly being targeted by spear-phishing attacks (which grew 55% in 2015). As an overall percentage of companies being spear-phished, SMBs have grown from 18% of all businesses in 2012 to 43% in 2015.