Get ahead of third-party risk or wave goodbye to your cyber resilience
Date:
Mon, 07 Jul 2025 14:13:10 +0000
Description:
JPMorgan has raised the alarm on the growing threat posed by modern software integration models.
FULL STORY ======================================================================
JPMorgan has raised the alarm on the growing threat posed by modern software integration models. The global finance corporation released an open letter to its technology suppliers as a call for them to modernize their security or risk being cut off. It's a bold, necessary move in an era where one weak link can unravel an entire organization's cyber defenses.
Security architecture must be modernized to keep pace with growing threats and ensure organizations can continue to operate safely. However, as we well know, visibility is the bedrock of any resilient security strategy. Without full, real-time insight into all assets, especially those brought in by third-party suppliers, organizations are effectively flying blind. Recent high-profile breaches in the retail sector have shown us that even the most sophisticated enterprises are vulnerable when blind spots exist in their supply chains.
So while the open letter places a lot of emphasis on third parties and their role in supply chain security, it shouldn't divert responsibility away from businesses themselves. Organizations must take ownership and enforce compliance and security standards across their supplier ecosystem. When disaster strikes, it doesn't matter where the fault lies; it is only the victim who suffers.

Third-party risk is first-party responsibility
Expecting every supplier to meet high security standards is only part of the equation. Businesses can't enforce what they can't see, and right now, many don't have real-time visibility into their own assets, let alone those of their partners.
The problem is, too many are still burying their heads in the sand. Many senior executives cling to the dangerous assumption that "the IT team has it covered" or that cyber insurance will magically fix everything after an attack. History is plagued by organizations that underinvested, or perhaps more accurately mis-invested, in cyber resilience and failed to properly understand the risk until they were dealing with a full-blown crisis.
Attacks on retail giants like Target and more recently M&S and the Co-op have shown us what happens when third-party risk is underestimated. These aren't startups with immature IT; they're household names with serious resources. And still, the breach came through third-party access points.
Some businesses are genuinely overwhelmed by the technical complexity and competing priorities, but others have simply been lulled into complacency by years of dodging cybersecurity incidents through sheer luck rather than good management.
But it's not always deliberate ignorance. It often comes down to decision paralysis, where leaders are confronted with an intimidating wall of threats and solutions and simply don't know where to begin. This is often combined with a reluctance to spend money when they themselves haven't experienced an attack. The easiest approach therefore ends up being to delay making a decision. However, this inaction just allows security gaps to grow larger by the day as attackers refine their methods.
The unfortunate reality is that many businesses only develop robust cybersecurity practices after suffering a significant breach, when the damage is already done.

Don't invest in more tools; invest in smarter architecture
Boosting cyber resilience is not about adding more tools to an already extensive tech stack; it's about ensuring that every part of that stack functions cohesively. Collectively, we need less complexity, more clarity and, above all, the ability to continuously control. That's how to build security that lasts.
At a minimum, cybersecurity should be treated like safety or finance at board level: as something that is supported by automation, continuously monitored and managed, and it starts with visibility. Full, continuous visibility across the entire tech stack, including third-party integrations, is the only way to manage modern threat paths. It's not enough to trust a supplier's word. You need evidence, you need monitoring, and you need to know the moment something changes.
Regulatory compliance also places huge importance on third-party risk, which should be a big indicator that organizations need to take proactive steps to ensure that their third parties are secure. The Digital Operational Resilience Act (DORA), the Financial Conduct Authority (FCA), ISO 27001 and NIS 2 all treat third-party risk as a core compliance requirement.
So, while the knee-jerk response to JPMorgan's letter might be to bolt on yet another tool, more tech isn't always the answer. In reality, it often just adds complexity, which works against businesses looking for greater cyber resilience.

Take ownership of your security
Managing third-party risk isn't something businesses can shift to their suppliers. Instead, the Board must listen to their cyber teams, who are crying out for the right systems and support. Only then can they take control and ensure they have the ability to monitor systems continuously, align security frameworks and surface evidence of compliance and risk in real time. That's where the future of cybersecurity lies, and it will help them prepare for whatever new threats emerge.
If you're still relying on supplier questionnaires and periodic audits to manage third-party risk, you're already behind. Working with third parties is a two-way street and requires ongoing collaboration. Businesses are just as responsible for their own security, and must proactively hold partners accountable for their end. JPMorgan's letter is a wake-up call, but the response shouldn't be panic. It should be clarity and control.
This article was produced as part of TechRadarPro's Expert Insights channel, where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing, find out more here:
https://www.techradar.com/news/submit-your-story-to-techradar-pro
======================================================================
Link to news story:
https://www.techradar.com/pro/get-ahead-of-third-party-risk-or-wave-goodbye-to-your-cyber-resilience
--- Mystic BBS v1.12 A47 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)