By Matthew Hmoud, Head of Security Consulting at Adarma
The recent clash between the US Government and TikTok’s Chinese-owned parent company, ByteDance, has sparked a heated debate surrounding data privacy and national security concerns. The key issue is the possibility of ByteDance gaining access to the personal and sensitive data of US citizens.
With Congress passing legislation and President Joe Biden signing it into law on April 24, TikTok faces two options: sell to a US-approved buyer or risk being banned from the lucrative US market. This landmark ruling signifies a rapidly rising concern over third-party threats and should signal to security leaders a pressing need to embrace a new approach to assessing them.
Instead of relying on a one-size-fits-all questionnaire, there needs to be a more nuanced evaluation tailored to specific risks posed by individual third parties or suppliers. This approach enables organisations to align security controls with their risk appetite, fostering clearer security requirements and assurances.
The recent EU Digital Operational Resilience Act (DORA) reinforces this growing emphasis on Third-Party Risk Management (TPRM) and supplier cyber resilience, as exemplified in the five pillars of DORA.
To defend against supply chain attacks, organisations must adopt proactive TPRM strategies and leverage threat intelligence to identify and assess potential risks introduced by third parties. Here are three proactive strategies to help security teams stay ahead of the threat curve.
1. Proactive TPRM: Establish a comprehensive TPRM framework integrated within your wider risk management strategy. This framework should entail thorough vetting of new third parties/suppliers before onboarding and continuous monitoring of their cybersecurity practices.
2. Threat Intelligence: Invest in threat intelligence capabilities to proactively identify and assess risks posed by third parties. This enables ongoing monitoring of external providers and enhances your team’s ability to respond to emerging threats.
3. Continuous Monitoring: Regularly monitor both external suppliers and internal systems for any signs of compromise. Update security measures in response to evolving threats and incorporate new threat intelligence to stay resilient against emerging risks.
Let’s Talk
If you would like to learn more about how Adarma can support your organisation’s cyber resilience, please get in touch with us at hello@adarma.com.
To hear more from us, check out the latest issue of ‘Cyber Insiders,’ our C-suite publication that explores the state of the threat landscape, emerging cyber threats, and the most effective cybersecurity best practices.
You can also listen to our new podcast, which explores what it’s really like to work in cybersecurity in today’s threat landscape.
Stay updated with the latest threat insights from Adarma by following us on X and LinkedIn.