Vendor Threats

5 tips for attacking the weakest link in COVID-19.
By Josh Riley Posted on June 23, 2020

Still, while employers may be exercising appropriate diligence with respect to their own operations, they could be overlooking similarly heightened cyber risks associated with their vendors and trading partners.

When it comes to guarding against cyber threats, any organization is only as strong as its weakest link. Here are five tips for employers to assess and manage potential cyber threats from vendor relationships and trading partners.

  1. Recognize small businesses may be big targets. That’s how cyber criminals see it. The disparity in security investment between large enterprises and small businesses has not gone unnoticed by cyber criminals, who have increasingly turned their attention to these easier targets. The predominant strategy for hacking a larger business has followed suit: Want to infiltrate a large target? Hack one of their smaller partners first. Unfortunately, even large organizations with seemingly “bullet-proof” cyber protections may fall victim through smaller vendors or trading partners whose cyber risk management is less secure or inadequate.
  2. Watch COVID-19 related changes to your vendor business models. Over the years, effective cyber risk management has been largely a function of organizations’ ability to manage user behavior. Your business may be managing that exposure well, but your vendors probably are not—especially in light of adjustments businesses have made to maintain operations during COVID-19. With more staff working remotely, some businesses haven’t been rigorous about enforcing cyber security protocols and maintaining best practices. Get assurance from business partners not only that they’ve taken appropriate measures to address cyber risks of remote workers, but that they can also demonstrate how they are monitoring worker compliance.
  3. Think holistically about your enterprise. Effective cyber risk management simply cannot exist without recognizing that vendors and contractors are part of the attack surface. Think of the basic practices that work to keep your business safe: those are what your small partners need. In addition to reviewing any cyber-related requirements stipulated in your contracts with vendors, get confirmation from your partners about their inbox protection measures, browser controls, vulnerability assessment, employee security training, and cyber insurance coverage.  
  4. Don’t settle for excuses. In the past, robust cyber-risk solutions simply weren’t practical for most small businesses. That’s no longer the case. Today, many of the more sophisticated cyber risk management solutions widely implemented by larger businesses have been introduced for smaller enterprises at an affordable cost. The new approaches come without the need for internal IT or external consultants to install and maintain the software-based tools and resources. Besides inbox protection and browser controls, they include modules for continuous employee testing and training and special features to track successful completion.
  5. Check costs of supporting key vendor partners. To make sure critical vendors and trading partners have adequate cyber loss prevention, response and insurance, consider offering to assume or share the costs of these services. It’s a way to ensure your partners are adequately protected, as well as to safeguard your enterprise from vendor-related vulnerabilities. Further, many cyber-risk management providers now offer cost-effective end-to-end solutions that can be extended to vendors and key trading partners.

Taking steps to address the weakest link in various cybersecurity chains will help businesses strengthen their protection in an environment where cyber-crime is rapidly on the rise.

Riley is director of insurance at Paladin Cyber.
