How to choose security vendors with cybersecurity in mind
Is your ecosystem of partners cybersecurity-focused? Learn why supply chain risk assessments are critical and how to choose vendors you can trust.
Many businesses today are focusing on their digital transformation journey. They’re investing in the latest IoT devices, digitizing old processes with innovative solutions, and finding new ways to capitalize on data they’re already collecting. But where business opportunities grow, so do the risks.
The more devices and solutions you add to your ecosystem, the more your exposure to cybersecurity vulnerabilities increases. According to the Accenture State of Cybersecurity Report, third-party risks still dominate all cyber attacks. 61% of successful cyber breaches come from indirect attacks on organizations through their supply chain.
In a world where organizations no longer have clearly defined network perimeters, how can businesses and government agencies protect themselves? It starts with conducting a more thorough cybersecurity risk assessment to establish baseline security standards for the solutions they purchase and the vendors they partner with.
Prioritize supply chain risk management
Supply chain risk management isn’t something new. We’ve all heard the breach stories: certain governments banning state-owned camera manufacturers, citing trust and security vulnerabilities; information privacy leaks involving products; and, of course, thousands of customers being exposed to malware attacks.
No matter how you slice it, who you decide to partner with can impact your cyber resilience. And since third-party breaches are becoming more frequent, many data protection and privacy regulations are evolving to hold organizations more accountable.
Under the General Data Protection Regulation (GDPR), for example, organizations can be held liable for a data breach that originates in their supply chain. Even if the supplier is deemed responsible for the breach, the business or data controller is still legally required to report the incident within 72 hours.
The problem? New research from Ponemon Institute and Mastercard’s RiskRecon found that only 34% of organizations are confident their suppliers would notify them of a breach of their sensitive information.
The damages from data breaches can be long-standing. Beyond the monetary penalties for non-compliance that can cripple an organization, damage to the business’s reputation and loss of customer trust can be difficult to recover from.
Find suppliers that strengthen your cybersecurity posture
In today’s interconnected world, strong cybersecurity can’t happen in silos. Finding supply chain vendors that take cybersecurity as seriously as you do is a must.
And here’s the good news: when you develop a sound strategy for vetting and selecting your vendors, you’re going to be able to do more than strengthen your information privacy and cybersecurity posture. You’ll be building a team of partners who will work alongside you to identify and mitigate vulnerabilities so your cybersecurity posture is hardened against new and evolving threats.
How can you tell if a physical security vendor is committed to cybersecurity? Here are some questions you can ask them:
Risk identification and mitigation
Does the vendor proactively monitor the emergence of new threats and their potential impact on operations, data, and people? Do they have a comprehensive strategy in place to close security gaps and vulnerabilities? What policies do they have in place concerning cybersecurity?
Solutions built with cybersecurity in mind
Are their solutions developed with several security layers, such as advanced authentication and encryption technologies? Do they offer documentation and tools to help with cybersecurity hardening? Are they offering tools and features to help protect the privacy of people and their sensitive data?
A network of trust
Do they work with partners who also have security and data protection in mind? Do they carefully vet and select the partners to ensure the highest levels of cybersecurity and compliance?
Transparency and openness
What measures do they take to inform and support their customers regarding cybersecurity best practices? Are they forthcoming about known vulnerabilities and do they share strategies and fixes for quick remediation? Who’s liable if your equipment is used to access private information?
Data security and privacy standards
Do they adhere to information security standards such as ISO 27001? Do they engage third-party auditors and conduct penetration tests to identify and address security gaps? Do they have any certifications from other regulatory bodies and international associations?
Remain proactive in strengthening your supply chain
A good risk management strategy isn’t something you set and forget. Threats are constantly evolving and so should your cybersecurity efforts. Reviewing your risks, assessing your cybersecurity strategies, and auditing your supply chain security should happen regularly.
Whether it’s once a month or once a year, you should take some time to review the cybersecurity policies of your vendors. Document if they’ve experienced any breaches and how they’ve handled those incidents. Check if any changes have been made to their data protection practices or if they’ve acquired new cybersecurity certifications.
You might also consider scheduling regular cybersecurity check-ins with your channel partner or solution vendor. These focused meetings can be a great opportunity to talk through the latest cybersecurity features available and identify any opportunities for additional hardening.
For instance, if you have a professional or enterprise-level Genetec™ system and a Genetec Advantage subscription, you and your channel partner will get yearly meetings with our Professional Services team. This can help you to address objectives such as full system health checks, cybersecurity audits, or automatic upgrade planning.
Working with a cybersecurity-focused vendor you can trust
A physical security system is as secure as the weakest point or the least trusted device connected to it. It’s that simple. Selecting vendors that build their business on best-in-class cybersecurity practices can make all the difference.
At Genetec, we embed cybersecurity best practices from the design phase of our solutions through to quality assurance, and across their entire R&D process. This allows us to deliver compliant and cyber-resilient solutions that help you protect your most sensitive information—and we don’t stop there. We stay on the pulse of emerging cyber threats and work with our partners and customers to advance cybersecurity measures. This ensures you’re always equipped to keep your cybersecurity posture strong.