An ecosystem approach to cyber resilience
A business is known by the companies it keeps
Published by Mastercard, August 2024
It is a scenario eerily reminiscent of recent times. When one body is put at risk, so is everybody in contact with it.
Being part of a resilient community can reduce that risk. In epidemiology, it is called “herd immunity.” In cybersecurity, third-party risk management (TPRM) is supposed to provide it. In the same way a disease peters out when it cannot contaminate enough people, a breach cannot spread when its surroundings are secure.
But the “me versus them” mentality of standard TPRM approaches makes that resilience difficult to achieve. Third parties tend to be an afterthought in cybersecurity; fourth parties and beyond tend to be ignored entirely.
Businesses often assume that third-party risk can be managed based on the amount of data shared or its sensitivity. That is not wholly misguided, but it does ignore the fact that a breach affecting some innocuous data can rapidly infect other areas. An ecosystem approach solves that by reorienting cybersecurity, and by extension TPRM, around a collective “us.”
