Vendor Threats

5 tips for attacking the weakest link in COVID-19.
By Josh Riley Posted on June 23, 2020

Still, while employers may be exercising appropriate diligence with respect to their own operations, they could be overlooking similarly heightened cyber risks associated with their vendors and trading partners.

When it comes to guarding against cyber threats, any organization is only as strong as its weakest link. Here are five tips for employers to assess and manage potential cyber threats from vendor relationships and trading partners.

  1. Recognize small businesses may be big targets. That’s how cyber-criminals see it. The disparity in security investment between large enterprises and small businesses has not gone unnoticed by cyber-criminals, who have increasingly turned their attention to these easier targets. The predominant strategy for hacking a larger business has followed suit: Want to infiltrate a large target? Hack one of its smaller partners first. Unfortunately, even large organizations with seemingly “bullet-proof” cyber protections may fall victim through smaller vendors or trading partners whose cyber risk management is less secure or inadequate.
  2. Watch COVID-19 related changes to your vendor business models. Over the years, effective cyber risk management has been largely a function of organizations’ ability to manage user behavior. Your business may be managing that exposure well, but your vendors probably are not—especially in light of adjustments businesses have made to maintain operations during COVID-19. With more staff working remotely, some businesses haven’t been rigorous about enforcing cyber security protocols and maintaining best practices. Get assurance from business partners not only that they’ve taken appropriate measures to address cyber risks of remote workers, but that they can also demonstrate how they are monitoring worker compliance.
  3. Think holistically about your enterprise. Effective cyber risk management simply cannot exist without recognizing that vendors and contractors are part of the attack surface. Think of the basic practices that work to keep your business safe: those are what your small partners need. In addition to reviewing any cyber-related requirements stipulated in your contracts with vendors, get confirmation from your partners about their inbox protection measures, browser controls, vulnerability assessment, employee security training, and cyber insurance coverage.  
  4. Don’t settle for excuses. In the past, robust cyber-risk solutions simply weren’t practical for most small businesses. That’s no longer the case. Today, many of the more sophisticated cyber risk management solutions widely implemented by larger businesses have been introduced for smaller enterprises at an affordable cost. The new approaches come without the need for internal IT or external consultants to install and maintain the software-based tools and resources. Besides inbox protection and browser controls, they include modules for continuous employee testing and training and special features to track successful completion.
  5. Check costs of supporting key vendor partners. To make sure critical vendors and trading partners have adequate cyber loss prevention, response and insurance, consider offering to assume or share the costs of these services. It’s a way to ensure your partners are adequately protected, as well as to safeguard your enterprise from vendor-related vulnerabilities. Further, many cyber-risk management providers now offer cost-effective end-to-end solutions that can be extended to vendors and key trading partners.

Taking steps to address the weakest link in various cybersecurity chains will help businesses strengthen their protection in an environment where cyber-crime is rapidly on the rise.

Riley is director of insurance at Paladin Cyber.
