A recent IBM Cost of a Data Breach report reveals a startling statistic: Only 42% of companies discover breaches through their own security teams. This highlights a significant blind spot, especially when it comes to external partners and vendors.
The financial stakes are steep. On average, a data breach affecting multiple environments costs a whopping $4.88 million. A major breach at a telecommunications provider in January 2023 served as a stark reminder of the risks associated with third-party relationships. In this case, attackers exploited vulnerabilities in a third-party vendor’s access, exposing the personal information of over 40 million customers.
In 2022, 20% of data breaches were linked to third parties, contributing to even greater financial losses due to reputational damage and business disruption. Threat actors often target third-party vendors because of the vast amounts of sensitive data they manage. Managing third-party risk can be incredibly difficult due to limited visibility into vendors’ security practices.
While cybersecurity firms can conduct assessments of potential partners’ security posture without their direct involvement, organizations face considerable hurdles in understanding who has access to what data. Determining which vendors have read or write permissions to sensitive information is a complex and time-consuming task. Manual processes and siloed data often get in the way of effective vendor assessments.
Data security posture management (DSPM) offers a proactive approach to reducing third-party risks. By providing greater visibility into vendor access and permissions, DSPM allows security teams to:
Third-party breaches often carry significant compliance implications. A key concern is shadow data — data organizations don’t even know exists. In fact, 35% of breaches involve shadow data, which complicates tracking and protection efforts. The spread of data across multiple environments, a condition present in 40% of breaches, further intensifies this challenge. As a result, breaches involving shadow data are 16% more costly and take longer to identify and contain.
To address these compliance risks, more organizations are turning to DSPM solutions. By offering continuous visibility into data access and usage, DSPM helps companies maintain compliance with regulations such as the EU General Data Protection Regulation (GDPR), the US Health Insurance Portability and Accountability Act (HIPAA) and the Payment Card Industry Data Security Standard (PCI DSS). DSPM tools enable organizations to quickly and efficiently identify and remediate potential violations, particularly those arising from third-party breaches, helping to safeguard sensitive data and comply with regulatory obligations.
Take control of third-party data access with IBM’s Guardium DSPM. This solution offers unique features designed to address the complexities of modern cloud environments:
In today’s fast-evolving business world, third-party risk management isn’t optional — it is a necessity. The financial and reputational costs of a breach are simply too high to overlook.
IBM Guardium DSPM provides the tools you need to regain control over third-party risks. By offering clear visibility, simplifying assessments and proactively detecting vulnerabilities, IBM Guardium DSPM helps organizations protect their sensitive data and maintain the trust of their customers.