Centric Consulting’s Director of IT Risk and Cybersecurity Matt Kipp was featured in Crain’s Cleveland Business discussing cybersecurity threats from vendor relationships.
The article, “What Cleveland CISOs Must Know About Cybersecurity Threats From Vendor Relationships,” highlights vendor management missteps that can lead to data breaches and how to avoid them.
Organizations often focus too heavily on internal defenses while overlooking vendor vulnerabilities, Kipp said. Cybercriminals have discovered it’s easier to target smaller, less secure vendors, he added, noting breaches at major companies like Adidas, Coinbase, and The North Face were all attributed to third-party relationships.
Some common missteps include applying one-size-fits-all security approaches, not conducting regular monitoring, overlooking shadow IT, and making convenient exceptions for preferred vendors.
“Your cybersecurity strategy is only as strong as your weakest vendor link,” he said. “With overall breach costs hitting an all-time high of $4.88 million in 2024, according to IBM’s latest research, organizations can’t afford to treat vendor security as a compliance checkbox.”
To reduce third-party risk exposure, Kipp noted, it’s important to create a vendor security program that covers everything from selection to contract termination.