No man is an island, and the same can be said of your business. Your organization relies on countless people for its survival, let alone its success, and many of those contributors work for someone else. Suppliers, vendors, consultants, contractors, and other service providers deliver tremendous value to organizations. Unfortunately, they also pose significant risk, especially when you exchange PII, PHI, IP, and other sensitive information with them. You may have state-of-the-art technology in place to defend against cyberattacks and data breaches, but you can’t vouch for your service providers’ security capabilities (or lack thereof). So you may be able to repel attackers at your firewall, yet you can’t stop them from island hopping into your organization through a compromised service provider. CISOs mitigate this third-party cyber risk to varying degrees. Service contracts, security attestations, and continuous oversight are some of the strategies they employ. There is no silver bullet, however, so CISOs must combine several strategies to protect their intellectual property and other sensitive data when it is shared with service providers.
CISO Street sat down last year with Dave Snyder, Chief Information Security Leader for Independence Blue Cross, to learn about one of his biggest concerns. In this video, Dave discusses the challenge of keeping PHI and other proprietary information safe from unauthorized access when it’s shared with so many service providers.