By Nick Sorensen, CEO of Whistic, Inc.
It is no secret that the number of third party security incidents is increasing year by year. Last year SolarWinds started with the breach, ended with Log4j, and was marked in the news of one or the other breach virtually every day.
A recent study by Whistic found that nearly half of all businesses surveyed have experienced data breaches in the last three years, with more than 80% caused by third-party vendors. Cleaning up after a breach can be costly and not just from a financial standpoint (অনুযায়ী 4.24M / event according to IBM), But the damage it does to your brand and customer confidence is often irreparable.
With that potential threat, cyber security leaders now have to pass a security review before most vendors can bring them into their environment. Despite this knowledge, most parties often close the security review until the end of the sales cycle, which could push the deals to the next quarter or in some cases lose their contract directly because they did not respond quickly enough. . In fact, accordingly Seller Safety Report State90% of sales representatives say they have at least one deal push every quarter because they can’t respond to security reviews in a timely manner.
In the past, the vendor evaluation process has been difficult for both the seller and the customer. Until recently, the primary tools for managing vendor evaluations were spreadsheets and emails, which made it difficult to keep track of where vendors were processing and ensure that each evaluation was completed, especially considering the amount of vendors evaluating each month.
As a result, customer-seller relationships were often unfavorable rather than cooperative. It was almost like pulling customers’ teeth to track all the information needed to start the assessment and it would only get worse when they started to engage directly with the seller.
However, with the advancement of technology in recent years those relationships have begun to improve and clients are beginning to see their vendors as partners when it comes to security, which should have always been the case.
It is in this environment that Whiskey has teamed up with other top tech vendors including Octa, Airbnb, Gendesk, Asana, Atlasian, Snap, Notation, TripAction and G2 to form the first security initiative aimed at creating transparency among vendors. Customer expectations rather than exceptions. The reason is that transparency leads to trust, which ultimately leads to better protection against third party incidents for everyone involved.
In short, the vision of the enterprise is: the future of vendor security must be built on the basis of collaboration …[It’s] The only way to meet the needs of both buyers and sellers in the ecosystem. This is the most effective way to create transparency in the seller’s security expectations and when that happens, everyone wins.
Sharing security profiles makes it easier for vendors to share all their security documentation, standard query responses, certifications and audits with security profiles, ensuring that companies have no excuse not to share their security information as soon as possible during the sales cycle. Taking the extra time to create a profile before asking your customers can save countless hours that Infosec and Cybersecurity teams spend on responding once and responding to a one-off request.
An added benefit for sellers is that a transparent security stance can be a distinguishing factor between you and your competition that ultimately leads you to close more businesses. According to 2021 State of Trust and Transparency, 90% of respondents indicated that when a company discloses information about their security and compliance, it increases their confidence in that business. In addition, 96% of respondents said they were more likely to buy from a transparent vendor about security poses.
If you would like to join the Security First Initiative or want more information, you can read more about the initiative. Here.
About the author
Nick Sorensen is the CEO of Whistic, Inc., a network that evaluates, publishes and shares vendor security information. The Whiskey Vendor Security Network enables businesses to access and evaluate a vendor’s whiskey profile and build trusted connections that last beyond the initial evaluation.
Notice of fair use: Under the “fair use” law, other authors may restrict the use of the original author’s work without permission. 17 In accordance with US Code § 107, certain use of copyrighted material “for the purposes of criticism, comment, news reporting, teaching (including multiple copies for classroom use), scholarship, or research, is not a copyright infringement.” As a matter of principle, fair use is based on the belief that parts of copyrighted material are free to be used for the purpose of public comment and criticism. The privilege of fair use is perhaps the most significant limitation of the exclusive rights of copyright owners. Cyber Defense Media Group is a news reporting company that reports cyber news, events, information and much more on our website Cyber Defense Magazine at no charge. All images and reporting are done exclusively under the fair use of US copyright law.