Typically when one company has notified a partner that its security posture has fallen below an acceptable threshold the other company has made efforts to close the gap. Recently however the company encountered resistance from a major alliance partner. They say their cybersecurity is good enough and we say we want evidence in our own systems to feel confident that this is the case says the CIO.
If not we'll have to lock you out of our systems. Mitigating Third-Party Risks A similar weakness on the CIO's radar is third-party system risk. Last year the construction company's payroll provider suffered a Whatsapp Mobile Number List data breach. Then in December the provider of the construction company's password management system was hacked. The breaches created a gap in the company's day-to-day operational systems as well as concerns that its own data had been compromised. These are the companies we rely on says the CIO. If the company whose sole purpose is to store your passwords is under attack who can you rely on.
These incidents in combination with the cyber attackand the disruption of operations at the contractor's construction suppliers have prompted those responsible to reassess the risk to third parties. One of the things we're rolling out right now is a third-party assessment as part of our onboarding which gives us confidence that they're doing enough to protect their own systems says the CIO. We're going to ask them some key questions about cybersecurity just like we're currently asking them about issues like diversity.