Last month, the Ponemon Institute released a report, Data Risk in the Third-Party Ecosystem, that confirmed what many suspected: third-party vendors are the wild, wild west of cybersecurity. A shocking number of companies surveyed do not believe that a third-party vendor will notify them if a data breach occurs, and even more doubt they’ll be notified about a downstream breach.
In the podcast, Linn Freedman, Robinson+Cole partner and Brown University Executive Master in Cybersecurity professor, confirms that the survey corresponds to her professional experience as chair of Robinson+Cole’s Data Privacy + Security team. She states, “We’re seeing more and more data loss from third-party vendors, as opposed to companies. We’re also seeing a break in the communication between the company and their third-party vendors.”
We invite you to listen to this podcast to hear Freedman’s insights into the magnitude of this threat, the role Target’s HVAC vendor played in its notorious breach, and best practices for a vendor management program – auditing, contractual provisioning, corporate responsibility, and other related topics.