December 14, 2017 By Mark Samuels 2 min read

No one can deny that information security made headlines this year, but those high-profile attacks don’t tell the whole story. According to recent research by Gartner, the major attacks and data breaches that enterprises experienced throughout 2017 are just the tip of the iceberg when it comes to cybersecurity news.

Examining Cybersecurity News

The firm’s research director, Jeff Wheatman told TechRepublic that the next five to 10 years will see a new range of threats to corporate organizations. In fact, Gartner predicted that by 2021 an enterprise will suffer a business outage due to malware and ransomware that results in $1 billion in lost revenue.

Enterprises must consider how the dependencies that come with partnering with in an ever-growing pool of providers will affect their own cybersecurity. To avoid becoming the next piece of cybersecurity news, IT leaders must assess the security posture of their third-party providers.

Beware of the Ripple Effect

Digital transformation has led to a major shift in enterprise technology ecosystems. The posture of partner organizations becomes increasingly important as the ecosystem expands.

Wheatman noted that key partners are often connected to hundreds of other suppliers. While IT leaders will likely have no direct interaction with many of these companies, the security approach of these disparate organizations could have a huge impact on blue-chip businesses.

CIOs must understand the security posture of all potential partners as a matter of urgency. Gartner noted that major enterprises have been affected by attacks and breaches against their partners and by providers that work with their third-party vendors. This interconnectedness can create a ripple effect that could put major enterprises at risk.

Assessing the Security Posture of Partners

As more enterprises store data in the cloud, CIOs must be sure to understand the security posture of interconnected providers. According to Wheatman, Gartner has seen an increase in spending on security rating services. These services gather data and then run algorithms to assess enterprise cybersecurity, much like a credit rating is applied to a consumer. Investing in these services allows security leaders to understand the risk associated to partners operating within their extended ecosystems.

Making Smart Investments

The good news is that Gartner recently forecast that global security spending will total $96.3 billion next year, an 8 percent increase from 2017. Enterprises are spending more due to regulation concerns, emerging threats and evolution in digital business strategies.

IT decision-makers must clearly explain the risk of cybersecurity threats to senior stakeholders. They need to demonstrate how investing in information security reduces risk, improves governance and creates higher profits — and underscore that these practices need to be present in third parties as well.

More from

What does resilience in the cyber world look like in 2025 and beyond?

6 min read -  Back in 2021, we ran a series called “A Journey in Organizational Resilience.” These issues of this series remain applicable today and, in many cases, are more important than ever, given the rapid changes of the last few years. But the term "resilience" can be difficult to define, and when we define it, we may limit its scope, missing the big picture.In the age of generative artificial intelligence (gen AI), the prevalence of breach data from infostealers and the near-constant…

Airplane cybersecurity: Past, present, future

4 min read - With most aviation processes now digitized, airlines and the aviation industry as a whole must prioritize cybersecurity. If a cyber criminal launches an attack that affects a system involved in aviation — either an airline’s system or a third-party vendor — the entire process, from safety to passenger comfort, may be impacted.To improve security in the aviation industry, the FAA recently proposed new rules to tighten cybersecurity on airplanes. These rules would “protect the equipment, systems and networks of transport…

Protecting your digital assets from non-human identity attacks

4 min read - Untethered data accessibility and workflow automation are now foundational elements of most digital infrastructures. With the right applications and protocols in place, businesses no longer need to feel restricted by their lack of manpower or technical capabilities — machines are now filling those gaps.The use of non-human identities (NHIs) to power business-critical applications — especially those used in cloud computing environments or when facilitating service-to-service connections — has opened the doors for seamless operational efficiency. Unfortunately, these doors aren’t the…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today