P&C

Vendor Threats

5 tips for attacking the weakest link in COVID-19.
By Josh Riley Posted on June 23, 2020

Still, while employers may be exercising appropriate diligence with respect to their own operations, they could be overlooking similarly heightened cyber risks associated with their vendors and trading partners.

When it comes to guarding against cyber threats, any organization is only as strong as its weakest link. Here are five tips for employers to assess and manage potential cyber threats from vendor relationships and trading partners.

  1. Recognize small businesses may be big targets. That’s how cyber-criminals see it. The disparity in security investment between large enterprises and small businesses has not gone unnoticed by cyber criminals, who have turned their attention increasingly to these easier targets. The predominant strategy for hacking a larger business has followed suit: Want to infiltrate a large target? Hack one of their smaller partners first. Unfortunately, even large organizations with seemingly “bullet-proof” cyber protections may fall victim to smaller vendors or trading partners with less secure or inadequate cyber risk management.
  2. Watch COVID-19 related changes to your vendor business models. Over the years, effective cyber risk management has been largely a function of organizations’ ability to manage user behavior. Your business may be managing that exposure well, but your vendors probably are not—especially in light of adjustments businesses have made to maintain operations during COVID-19. With more staff working remotely, some businesses haven’t been rigorous about enforcing cyber security protocols and maintaining best practices. Get assurance from business partners not only that they’ve taken appropriate measures to address cyber risks of remote workers, but that they can also demonstrate how they are monitoring worker compliance.
  3. Think holistically about your enterprise. Effective cyber risk management simply cannot exist without recognizing that vendors and contractors are part of the attack surface. Think of the basic practices that work to keep your business safe: those are what your small partners need. In addition to reviewing any cyber-related requirements stipulated in your contracts with vendors, get confirmation from your partners about their inbox protection measures, browser controls, vulnerability assessment, employee security training, and cyber insurance coverage.  
  4. Don’t settle for excuses. In the past, robust cyber-risk solutions simply weren’t practical for most small businesses. That’s no longer the case. Today, many of the more sophisticated cyber risk management solutions widely implemented by larger businesses have been introduced for smaller enterprises at an affordable cost. The new approaches come without the need for internal IT or external consultants to install and maintain the software-based tools and resources. Besides inbox protection and browser controls, they include modules for continuous employee testing and training and special features to track successful completion.
  5. Check costs of supporting key vendor partners. To make sure critical vendors and trading partners have adequate cyber loss prevention, response and insurance, consider offering to assume or share the costs of these services. It’s a way to ensure your partners are adequately protected, as well as to safeguard your enterprise from vendor-related vulnerabilities. Further, many cyber-risk management providers now offer cost-effective end-to-end solutions that can be extended to vendors and key trading partners.

Taking steps to address the weakest link in various cybersecurity chains will help businesses strengthen their protection in an environment where cyber-crime is rapidly on the rise.

Riley is director of insurance at Paladin Cyber.

More in P&C

Risky Business
P&C Risky Business
RiskScan 2024 identifies what buyers and sellers in the insurance industry are w...
Sponsored By Munich Re
P&C When Disaster Knocks
A continuous series of natural catastrophes around the United States might final...
Business Interruption Goes Digital
P&C Business Interruption Goes Digital
Brokers have long worked to help ensure their clients are covered for unexpected...
Sponsored By Ryan Specialty
Bond, Completion Bond
P&C Bond, Completion Bond
For movie buffs, completion guarantors are a little-known but crucial element of...
Council Q3 2024 P/C Market Survey Results
P&C Council Q3 2024 P/C Market Survey Results
More premium increase moderation, but umbrella sees effects ...
Weathering Cyber Storms
P&C Weathering Cyber Storms
Q&A with Joshua Motta, CEO and Co-Founder, Coalition