How to Insulate your Business from Vendor Risk

Written by Hornetsecurity / 09.08.2024 /

This episode of the Security Swarm podcast features guest Eric Siron, a Microsoft MVP in cloud and data center management. Eric works primarily with healthcare organizations and small-to-medium businesses, helping them navigate security and IT challenges. The episode focuses on the important topic of vetting and selecting third-party software vendors.  

Andy and Eric discuss the recent CrowdStrike incident that caused major disruptions for many businesses. They use this as a case study to explore best practices for evaluating vendors, including assessing their security track record, testing their solutions thoroughly, understanding their update and patch management processes, and having contingency plans in place in case of vendor failures. 

Key takeaways: 

  • Thoroughly vet third-party vendors before choosing them, looking at factors like their security track record, update/patch processes, and internal testing procedures.

  • When evaluating vendors, focus not just on features and capabilities, but also on their stability as a company, their customer base, and their ability to handle issues and outages.

  • Develop contingency plans and mitigation strategies for when a critical third-party vendor experiences issues or outages.

  • Assume that failures will happen, and be prepared for them.

Timestamps: 

(02:20) – CrowdStrike Incident 

(04:17) – Vetting Third-Party Vendors 

(11:42) – Compliance and Industry-Specific Considerations 

(13:46) – Detailed Testing of Solutions 

(19:26) – Common Problems with Third-Party Vendors 

(22:40) – The CrowdStrike Incident and Vendor Processes 

(29:10) – Mitigation Strategies 
