Everyone knows that a key ingredient to an effective third-party risk program is comprehensive, high-quality risk information. This includes details on supply chain risk, financial risk, legal risk, cyber risk, and more. With growing third-party ecosystems, it’s easier said than done for risk management teams to collect, organize, and prioritize their own risk information along with that of their partners. One of the solutions to these challenges can come from a surprising source — the dark web.
Third-party risk data collection just can’t be done manually anymore. Risk teams need to put processes in place to collect and analyze risk information — especially cyber risk — so they can focus their time on remediating their third-party threats. One way that risk teams can speed up third-party risk data collection is through vendor questionnaires, but that only provides an internal view of the third party’s risk.
External cyber risk information from the dark web provides a more unbiased view of an organization’s risk posture. However, that information may not be as easy to analyze and respond to. So why should risk teams spend their limited time trying to gather and understand information from external sources, especially from the dark web?
Source: Recorded Future