One of the challenges in mitigating third-party risk is effectively managing large portfolios of vendors. Businesses often have hundreds or thousands of suppliers, each used differently and each presenting different kinds of information security risks. To solve this problem, CyberRisk uses a common pattern found in email clients and productivity software, like Gmail and JIRA, to label vendors in the way that makes sense to you.
Adding labels to your vendors can be accomplished in only a few clicks. Select vendors from the list, choose the correct label, and then click "Apply." This flexibility allows vendor risk managers to easily use cross-cutting organizational principles. For example, it might make sense to label vendors by the kind of service they provide, by which internal department is responsible for their budget, or by the types of data they handle.
Every business is different, so labels are easy to customize to describe the categorization that works for you. Select any vendors to which you want to apply the label, enter the label text, and you're done.
Those labels can then be used to easily filter long lists to enable the effective management of large numbers of vendors.
Being able to label and filter your vendors works with the rest of CyberRisk's capabilities to streamline a complete vendor risk management process. After labeling and filtering your vendors, the risk score helps an analyst identify the entities most at risk. The detailed vendor reports provide information on the vectors to which those vendors are exposed and the technical steps they can take to improve their resilience. Additionally, automated assessment questionnaires let analysts close the loop by requesting attestations from those vendors on the internal controls that cannot be assessed externally.
Misconfigurations are an internal problem that emanates from within the IT infrastructure of any enterprise; no hacker is necessary for massive damage to occur to digital systems and stored data. And the problem is pervasive, with Gartner estimating that anywhere from 70% to 99% of data breaches result not from external, concerted attacks, but from internal misconfiguration of the affected IT systems.