Cyber risk introduced by external suppliers and vendors is a growing concern for large enterprises and government agencies.
The third-party supplier ecosystem presents a tempting target for sophisticated cybercriminals trying to infiltrate high-profile organizations, thereby exposing them to ransomware attacks and data breaches.
To mitigate such risks, organizations can implement advanced third-party risk management frameworks and require suppliers to comply before any transactions or access is granted. However, these frameworks can prove too complex for smaller suppliers who lack the organizational maturity to meet the stringent requirements.
This was the experience of one of Penta’s clients, a software developer for enterprise information management. As a supplier to major government and semi-government accounts, it frequently faced strict compliance checklists and high requirements when being assessed for security.
In one instance, Penta’s client was required to respond to a complex assessment within five days or risk losing a major account. The cyber risk compliance assessment requested involved 28 different areas of risk, such as governance, identity and access management, training and awareness, network security, business continuity and physical security. The client needed help evaluating its suitability and responding to the assessment.
Penta’s team of IT risk and compliance experts were engaged on short notice to help. They began by assessing the situation and identifying gaps across 11 domains. Based on the findings, Penta’s team worked closely with the client to respond to each item on the questionnaires and provide detailed comments. Additionally, Penta provided the client with a clear roadmap for full compliance in areas that fell short.
With Penta, the client was able to complete the assessment and submit the responses within the required five days. The cybersecurity posture was deemed satisfactory by the client’s customer, and their status as an approved supplier was kept.
The client appreciated Penta’s subject matter knowledge and experience, as well as the structured approach. Most importantly, it was critical to be available on short notice and deliver results successfully given the tight timeframe.
“Our team’s thorough evaluation, collaborative approach, and clear roadmap towards full compliance enabled our client to respond successfully and retain their status as a supplier. We take pride in delivering results in a very short timeframe and are committed to support our client in the ongoing implementation of compliance requirements.”
– Mohammad Hammoudeh – Information Security Specialist at Penta