A Serious Look at Third-Party Security

Written By
Sue Poremba
Mar 5, 2015

In late December, I warned that third-party risks would be an issue that we had to watch in 2015, and quoted a statement from Steve Durbin, managing director of the Information Security Forum, about this topic.

A newly released study from Forrester and BitSight Technologies found that companies are taking third-party contractors and vendors and their potential security risks very seriously. The study, “Continuous Third-Party Security Monitoring Powers Business Objectives and Vendor Accountability,” found that IT and security decision makers are putting a lot more emphasis on learning about contractors, consultants and vendors, and more effort into tracking risk, critical data loss or exposure, and the threat of cyber attacks.

It’s easy to understand why third-party security concerns have increased: In so many of the high-profile breaches we’ve seen over the past 18 months, a third-party security breakdown has been, at least partially, to blame. As Stephen Boyer, CTO and co-founder of BitSight Technologies, said in a statement about the study:

“The supply chain has become a cyber security minefield for companies, as we’ve seen with breaches caused by third-party vendors at Target, Neiman Marcus, Goodwill, Home Depot and many more. Continuous, data-driven monitoring of third-party security vulnerabilities and threats has become essential for effective vendor risk management.”

And that thinking is what makes another result of the study so baffling and contradictory. While two-thirds of the respondents say third-party security is a top concern, only a little more than a third of them said that they regularly monitor the third party’s security efforts.

Should it be the role of a security professional to keep track of someone else’s security practices? Yes, if it means that their practices, or lack thereof, could put your network and data at risk. After all, as the leadership from Target can tell you from painful experience, if that third party’s security failure results in a breach of your company’s data, it is your company that is going to pay the price.

Security isn’t an area where companies should work in a cocoon or try to keep everything a trade secret. Security has to be a cooperative effort. A third-party contractor should be willing to keep their clients abreast of their security efforts, but you should also be making the effort in return.

Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom’s Guide. You can reach Sue via Twitter: @sueporemba

Sue Poremba is a freelance writer based in Central PA. She's been writing about cybersecurity and technology trends since 2008.
